Denial for /proc/$pid/task/$task/mountinfo when using mount-observe interface
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
snapd | Fix Committed | Undecided | Philip Meulengracht |
Bug Description
----
$ snap version
snap 2.61.1
snapd 2.61.1
series 16
ubuntu 22.04
kernel 6.5.0-17-generic
----
The mount-observe interface allows reading the following files (from https:/
owner @{PROC}
owner @{PROC}
owner @{PROC}
However, processes might want to retrieve the info from /proc/thread-
This results in an error message that reads like this:
> open /proc/thread-
And the respective apparmor denial is:
> audit: type=1400 audit(170802574
----
We are able to fix the issue by adding the following line to the profile:
owner @{PROC}
We would like to extend the mount-observe profile to include this line if possible.
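To find this kind of denial across a larger log, the following added example (not part of the original report or of snapd) parses AppArmor audit lines and picks out read denials on /proc/<pid>/task/<tid>/mountinfo. The log lines, profile names and ids are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the kernel's AppArmor audit format; the
# profile names, ids and timestamps are made up for this example.
SAMPLE_LOG = '''\
audit: type=1400 audit(1700000000.101:211): apparmor="DENIED" operation="open" class="file" profile="snap.example.daemon" name="/proc/4121/task/4130/mountinfo" pid=4121 comm="daemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1700000000.202:212): apparmor="DENIED" operation="open" class="file" profile="snap.example.cli" name="/proc/900/task/901/mountinfo" pid=900 comm="cli" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1700000000.303:213): apparmor="DENIED" operation="open" class="file" profile="snap.example.daemon" name="/var/lib/example/state" pid=4121 comm="daemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1700000000.404:214): apparmor="ALLOWED" operation="open" class="file" profile="snap.other.app" name="/proc/77/task/78/mountinfo" pid=77 comm="app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
'''

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
TASK_MOUNTINFO = re.compile(r"^/proc/(\d+)/task/(\d+)/mountinfo$")


def parse_audit(line):
    """Split one audit line into its key=value fields (quotes removed)."""
    return {key: quoted or bare for key, quoted, bare in KV.findall(line)}


def task_mountinfo_denials(log_text):
    """Return read denials on /proc/<pid>/task/<tid>/mountinfo."""
    hits = []
    for line in log_text.splitlines():
        f = parse_audit(line)
        if f.get("type") != "1400" or f.get("apparmor") != "DENIED":
            continue
        m = TASK_MOUNTINFO.match(f.get("name", ""))
        if not m or "r" not in f.get("denied_mask", ""):
            continue
        hits.append({
            "profile": f.get("profile", "?"),
            "pid": int(m.group(1)),
            "tid": int(m.group(2)),
            # An `owner` rule only matches when the opener's fsuid equals
            # the file's owner uid, so record whether that holds here.
            "owner_match": f.get("fsuid") == f.get("ouid"),
        })
    return hits


def count_by_profile(hits):
    """Count matching denials per AppArmor profile name."""
    return Counter(h["profile"] for h in hits)


if __name__ == "__main__":
    for hit in task_mountinfo_denials(SAMPLE_LOG):
        print(hit)
```

A hit with `owner_match` set to False would still be denied under an `owner`-qualified rule for the per-task path, so it needs separate review.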
description: updated
Changed in snapd:
assignee: nobody → Philip Meulengracht (the-meulengracht)
status: New → In Progress
Opened a PR for this issue: https://github.com/snapcore/snapd/pull/13601