snappy-hwe-snaps

Bug #1602383
Activity log

Activity log for bug #1602383

Date	Who	What changed	Old value	New value	Message
2016-07-12 18:50:47	Tony Espy	bug			added bug
2016-07-12 18:51:05	Tony Espy	summary	[Snap] NetworkManager miscellaneous Apparmor errors	NetworkManager miscellaneous Apparmor errors
2017-03-17 23:06:04	Tony Espy	summary	NetworkManager miscellaneous Apparmor errors	[network-manager] miscellaneous Apparmor DENIALs
2017-03-17 23:16:23	Tony Espy	description	While testing the latest NM snap on a RPI2 ( see below for image details ), a review of NM's log messages in syslog show two apparmor denials that should be investigated: Capability denial: apparmor="DENIED" operation="capable" profile="snap.network-manager.networkmanager" capability=1 capname="dac_override" Udev denials: apparmor="DENIED" operation="open" profile="snap.network-manager.networkmanager" name="/run/udev/data/n3" requested_mask="r" apparmor="DENIED" operation="open" profile="snap.network-manager.networkmanager" name="/run/udev/data/n1" requested_mask="r" apparmor="DENIED" operation="open" profile="snap.network-manager.networkmanager" name="/run/udev/data/n2" requested_mask="r" apparmor="DENIED" operation="open" profile="snap.network-manager.networkmanager" name="/run/udev/data/n4" requested_mask="r" Ptrace denials: apparmor="DENIED" operation="ptrace" profile="snap.network-manager.networkmanager" requested_mask="trace" peer="snap.network-manager.nmcli" Here's my snap configuration: Name Version Rev Developer canonical-pi2 3.2 6 canonical canonical-pi2-linux 4.4.0-1009-raspi2+20160421.13-36 12 canonical network-manager 1.2.2-1 8 canonical ubuntu-core 16.04+20160531.12-01 120 canonical	While testing the latest NM (1.2.2-11, r115) snap on a Dell IoT gateway ( see below for image details ), a review of NM's log messages in syslog show a single remaining apparmor denial that should be analyzed and fixed: Capability denial: apparmor="DENIED" operation="capable" profile="snap.network-manager.networkmanager" capability=1 capname="dac_override" Here's my snap configuration: admin@HGPLB02:~$ snap list Name Version Rev Developer Notes alsa-utils 1.1.2-5 68 canonical - bluez 5.37-2 15 canonical - caracalla 16.04-1.17 22 canonical - caracalla-kernel 4.4.0 27 canonical - core 16-2 1441 canonical - locationd 3.0.0+16.10.20160616-0ubuntu1 67 canonical - modem-manager 1.6.2-3 39 canonical - network-manager 1.2.2-11 115 canonical - snapweb 0.21.2 24 canonical - tpm2 1.0-4 18 canonical - udisks2 2.1.7-7 60 canonical - uefi-fw-tools 1.2.1-0.7.2+git 3 canonical - wifi-ap 13 93 canonical -
2017-03-17 23:28:29	Tony Espy	description	While testing the latest NM (1.2.2-11, r115) snap on a Dell IoT gateway ( see below for image details ), a review of NM's log messages in syslog show a single remaining apparmor denial that should be analyzed and fixed: Capability denial: apparmor="DENIED" operation="capable" profile="snap.network-manager.networkmanager" capability=1 capname="dac_override" Here's my snap configuration: admin@HGPLB02:~$ snap list Name Version Rev Developer Notes alsa-utils 1.1.2-5 68 canonical - bluez 5.37-2 15 canonical - caracalla 16.04-1.17 22 canonical - caracalla-kernel 4.4.0 27 canonical - core 16-2 1441 canonical - locationd 3.0.0+16.10.20160616-0ubuntu1 67 canonical - modem-manager 1.6.2-3 39 canonical - network-manager 1.2.2-11 115 canonical - snapweb 0.21.2 24 canonical - tpm2 1.0-4 18 canonical - udisks2 2.1.7-7 60 canonical - uefi-fw-tools 1.2.1-0.7.2+git 3 canonical - wifi-ap 13 93 canonical -	While testing the latest NM (1.2.2-11, r115) snap on a Dell IoT gateway ( see below for image details ), a review of NM's log messages in syslog show a three remaining apparmor denial that should be analyzed and fixed: Mar 17 22:56:30 HGPLB02 kernel: [ 37.345676] audit: type=1400 audit(1489791390.527:89): apparmor="DENIED" operation="capable" profile="snap.network-manager.networkmanager" pid=1501 comm="NetworkManager" capability=1 capname="dac_override" Mar 17 22:56:35 HGPLB02 kernel: [ 42.417241] audit: type=1400 audit(1489791395.595:116): apparmor="DENIED" operation="ptrace" profile="snap.network-manager.networkmanager" pid=1501 comm="NetworkManager" requested_mask="trace" denied_mask="trace" peer="snap.wifi-ap.management-service" Mar 17 22:56:35 HGPLB02 kernel: [ 42.536214] audit: type=1400 audit(1489791395.711:119): apparmor="DENIED" operation="ptrace" profile="snap.network-manager.networkmanager" pid=1501 comm="NetworkManager" requested_mask="trace" denied_mask="trace" peer="snap.wifi-ap.management-service" Here's my snap configuration: admin@HGPLB02:~$ snap list Name Version Rev Developer Notes alsa-utils 1.1.2-5 68 canonical - bluez 5.37-2 15 canonical - caracalla 16.04-1.17 22 canonical - caracalla-kernel 4.4.0 27 canonical - core 16-2 1441 canonical - locationd 3.0.0+16.10.20160616-0ubuntu1 67 canonical - modem-manager 1.6.2-3 39 canonical - network-manager 1.2.2-11 115 canonical - snapweb 0.21.2 24 canonical - tpm2 1.0-4 18 canonical - udisks2 2.1.7-7 60 canonical - uefi-fw-tools 1.2.1-0.7.2+git 3 canonical - wifi-ap 13 93 canonical -
2017-03-18 00:00:05	Tony Espy	summary	[network-manager] miscellaneous Apparmor DENIALs	[network-manager] Apparmor DENIALs
2017-03-18 00:01:48	Tony Espy	description	While testing the latest NM (1.2.2-11, r115) snap on a Dell IoT gateway ( see below for image details ), a review of NM's log messages in syslog show a three remaining apparmor denial that should be analyzed and fixed: Mar 17 22:56:30 HGPLB02 kernel: [ 37.345676] audit: type=1400 audit(1489791390.527:89): apparmor="DENIED" operation="capable" profile="snap.network-manager.networkmanager" pid=1501 comm="NetworkManager" capability=1 capname="dac_override" Mar 17 22:56:35 HGPLB02 kernel: [ 42.417241] audit: type=1400 audit(1489791395.595:116): apparmor="DENIED" operation="ptrace" profile="snap.network-manager.networkmanager" pid=1501 comm="NetworkManager" requested_mask="trace" denied_mask="trace" peer="snap.wifi-ap.management-service" Mar 17 22:56:35 HGPLB02 kernel: [ 42.536214] audit: type=1400 audit(1489791395.711:119): apparmor="DENIED" operation="ptrace" profile="snap.network-manager.networkmanager" pid=1501 comm="NetworkManager" requested_mask="trace" denied_mask="trace" peer="snap.wifi-ap.management-service" Here's my snap configuration: admin@HGPLB02:~$ snap list Name Version Rev Developer Notes alsa-utils 1.1.2-5 68 canonical - bluez 5.37-2 15 canonical - caracalla 16.04-1.17 22 canonical - caracalla-kernel 4.4.0 27 canonical - core 16-2 1441 canonical - locationd 3.0.0+16.10.20160616-0ubuntu1 67 canonical - modem-manager 1.6.2-3 39 canonical - network-manager 1.2.2-11 115 canonical - snapweb 0.21.2 24 canonical - tpm2 1.0-4 18 canonical - udisks2 2.1.7-7 60 canonical - uefi-fw-tools 1.2.1-0.7.2+git 3 canonical - wifi-ap 13 93 canonical -	While testing the latest NM (1.2.2-11, r115) snap on a Dell IoT gateway ( see below for image details ), a review of NM's log messages in syslog show a apparmor denials being generated by the config hook: Mar 17 23:47:12 localhost kernel: [ 84.821804] audit: type=1400 audit(1489794432.859:36): apparmor="DENIED" operation="create" profile="snap.network-manager.hook.configure" pid=2602 comm="snapctl" family="inet" sock_type="stream" protocol=6 requested_mask="create" denied_mask="create" Mar 17 23:47:12 localhost kernel: [ 84.823748] audit: type=1400 audit(1489794432.863:37): apparmor="DENIED" operation="create" profile="snap.network-manager.hook.configure" pid=2602 comm="snapctl" family="inet6" sock_type="stream" protocol=6 requested_mask="create" denied_mask="create" Mar 17 23:47:12 localhost kernel: [ 84.823986] audit: type=1400 audit(1489794432.863:38): apparmor="DENIED" operation="create" profile="snap.network-manager.hook.configure" pid=2602 comm="snapctl" family="inet6" sock_type="stream" protocol=6 requested_mask="create" denied_mask="create" Mar 17 23:47:12 localhost kernel: [ 84.844777] audit: type=1400 audit(1489794432.883:39): apparmor="DENIED" operation="open" profile="snap.network-manager.hook.configure" name="/run/snapd.socket" pid=2602 comm="snapctl" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0 Then a further three denials are see after: Mar 17 22:56:30 HGPLB02 kernel: [ 37.345676] audit: type=1400 audit(1489791390.527:89): apparmor="DENIED" operation="capable" profile="snap.network-manager.networkmanager" pid=1501 comm="NetworkManager" capability=1 capname="dac_override" Mar 17 22:56:35 HGPLB02 kernel: [ 42.417241] audit: type=1400 audit(1489791395.595:116): apparmor="DENIED" operation="ptrace" profile="snap.network-manager.networkmanager" pid=1501 comm="NetworkManager" requested_mask="trace" denied_mask="trace" peer="snap.wifi-ap.management-service" Mar 17 22:56:35 HGPLB02 kernel: [ 42.536214] audit: type=1400 audit(1489791395.711:119): apparmor="DENIED" operation="ptrace" profile="snap.network-manager.networkmanager" pid=1501 comm="NetworkManager" requested_mask="trace" denied_mask="trace" peer="snap.wifi-ap.management-service" Here's my snap configuration: admin@HGPLB02:~$ snap list Name Version Rev Developer Notes alsa-utils 1.1.2-5 68 canonical - bluez 5.37-2 15 canonical - caracalla 16.04-1.17 22 canonical - caracalla-kernel 4.4.0 27 canonical - core 16-2 1441 canonical - locationd 3.0.0+16.10.20160616-0ubuntu1 67 canonical - modem-manager 1.6.2-3 39 canonical - network-manager 1.2.2-11 115 canonical - snapweb 0.21.2 24 canonical - tpm2 1.0-4 18 canonical - udisks2 2.1.7-7 60 canonical - uefi-fw-tools 1.2.1-0.7.2+git 3 canonical - wifi-ap 13 93 canonical -
2017-03-18 00:05:17	Tony Espy	description	While testing the latest NM (1.2.2-11, r115) snap on a Dell IoT gateway ( see below for image details ), a review of NM's log messages in syslog show a apparmor denials being generated by the config hook: Mar 17 23:47:12 localhost kernel: [ 84.821804] audit: type=1400 audit(1489794432.859:36): apparmor="DENIED" operation="create" profile="snap.network-manager.hook.configure" pid=2602 comm="snapctl" family="inet" sock_type="stream" protocol=6 requested_mask="create" denied_mask="create" Mar 17 23:47:12 localhost kernel: [ 84.823748] audit: type=1400 audit(1489794432.863:37): apparmor="DENIED" operation="create" profile="snap.network-manager.hook.configure" pid=2602 comm="snapctl" family="inet6" sock_type="stream" protocol=6 requested_mask="create" denied_mask="create" Mar 17 23:47:12 localhost kernel: [ 84.823986] audit: type=1400 audit(1489794432.863:38): apparmor="DENIED" operation="create" profile="snap.network-manager.hook.configure" pid=2602 comm="snapctl" family="inet6" sock_type="stream" protocol=6 requested_mask="create" denied_mask="create" Mar 17 23:47:12 localhost kernel: [ 84.844777] audit: type=1400 audit(1489794432.883:39): apparmor="DENIED" operation="open" profile="snap.network-manager.hook.configure" name="/run/snapd.socket" pid=2602 comm="snapctl" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0 Then a further three denials are see after: Mar 17 22:56:30 HGPLB02 kernel: [ 37.345676] audit: type=1400 audit(1489791390.527:89): apparmor="DENIED" operation="capable" profile="snap.network-manager.networkmanager" pid=1501 comm="NetworkManager" capability=1 capname="dac_override" Mar 17 22:56:35 HGPLB02 kernel: [ 42.417241] audit: type=1400 audit(1489791395.595:116): apparmor="DENIED" operation="ptrace" profile="snap.network-manager.networkmanager" pid=1501 comm="NetworkManager" requested_mask="trace" denied_mask="trace" peer="snap.wifi-ap.management-service" Mar 17 22:56:35 HGPLB02 kernel: [ 42.536214] audit: type=1400 audit(1489791395.711:119): apparmor="DENIED" operation="ptrace" profile="snap.network-manager.networkmanager" pid=1501 comm="NetworkManager" requested_mask="trace" denied_mask="trace" peer="snap.wifi-ap.management-service" Here's my snap configuration: admin@HGPLB02:~$ snap list Name Version Rev Developer Notes alsa-utils 1.1.2-5 68 canonical - bluez 5.37-2 15 canonical - caracalla 16.04-1.17 22 canonical - caracalla-kernel 4.4.0 27 canonical - core 16-2 1441 canonical - locationd 3.0.0+16.10.20160616-0ubuntu1 67 canonical - modem-manager 1.6.2-3 39 canonical - network-manager 1.2.2-11 115 canonical - snapweb 0.21.2 24 canonical - tpm2 1.0-4 18 canonical - udisks2 2.1.7-7 60 canonical - uefi-fw-tools 1.2.1-0.7.2+git 3 canonical - wifi-ap 13 93 canonical -	While testing the latest NM (1.2.2-11, r115) snap on a Dell IoT gateway ( see below for image details ), a review of NM's log messages in syslog show a apparmor denials being generated by the config hook: Mar 17 23:47:12 localhost kernel: [ 84.821804] audit: type=1400 audit(1489794432.859:36): apparmor="DENIED" operation="create" profile="snap.network-manager.hook.configure" pid=2602 comm="snapctl" family="inet" sock_type="stream" protocol=6 requested_mask="create" denied_mask="create" Mar 17 23:47:12 localhost kernel: [ 84.823748] audit: type=1400 audit(1489794432.863:37): apparmor="DENIED" operation="create" profile="snap.network-manager.hook.configure" pid=2602 comm="snapctl" family="inet6" sock_type="stream" protocol=6 requested_mask="create" denied_mask="create" Mar 17 23:47:12 localhost kernel: [ 84.823986] audit: type=1400 audit(1489794432.863:38): apparmor="DENIED" operation="create" profile="snap.network-manager.hook.configure" pid=2602 comm="snapctl" family="inet6" sock_type="stream" protocol=6 requested_mask="create" denied_mask="create" Mar 17 23:47:12 localhost kernel: [ 84.844777] audit: type=1400 audit(1489794432.883:39): apparmor="DENIED" operation="open" profile="snap.network-manager.hook.configure" name="/run/snapd.socket" pid=2602 comm="snapctl" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0 Another set looks involve nmcli: Mar 17 23:49:09 localhost kernel: [ 201.327213] audit: type=1400 audit(1489794549.968:321): apparmor="DENIED" operation="ptrace" profile="snap.network-manager.networkmanager" pid=4905 comm="NetworkManager" requested_mask="trace" denied_mask="trace" peer="snap.network-manager.nmcli" [log message above repeated 9 more times] Then a further three denials are see after: Mar 17 22:56:30 HGPLB02 kernel: [ 37.345676] audit: type=1400 audit(1489791390.527:89): apparmor="DENIED" operation="capable" profile="snap.network-manager.networkmanager" pid=1501 comm="NetworkManager" capability=1 capname="dac_override" Mar 17 22:56:35 HGPLB02 kernel: [ 42.417241] audit: type=1400 audit(1489791395.595:116): apparmor="DENIED" operation="ptrace" profile="snap.network-manager.networkmanager" pid=1501 comm="NetworkManager" requested_mask="trace" denied_mask="trace" peer="snap.wifi-ap.management-service" Mar 17 22:56:35 HGPLB02 kernel: [ 42.536214] audit: type=1400 audit(1489791395.711:119): apparmor="DENIED" operation="ptrace" profile="snap.network-manager.networkmanager" pid=1501 comm="NetworkManager" requested_mask="trace" denied_mask="trace" peer="snap.wifi-ap.management-service" Here's my snap configuration: admin@HGPLB02:~$ snap list Name Version Rev Developer Notes alsa-utils 1.1.2-5 68 canonical - bluez 5.37-2 15 canonical - caracalla 16.04-1.17 22 canonical - caracalla-kernel 4.4.0 27 canonical - core 16-2 1441 canonical - locationd 3.0.0+16.10.20160616-0ubuntu1 67 canonical - modem-manager 1.6.2-3 39 canonical - network-manager 1.2.2-11 115 canonical - snapweb 0.21.2 24 canonical - tpm2 1.0-4 18 canonical - udisks2 2.1.7-7 60 canonical - uefi-fw-tools 1.2.1-0.7.2+git 3 canonical - wifi-ap 13 93 canonical -
2017-03-19 12:22:15	Simon Fels	snappy-hwe-snaps: importance	Undecided	Medium
2017-03-19 12:22:20	Simon Fels	snappy-hwe-snaps: status	New	Triaged
2017-07-18 18:38:21	Simon Fels	snappy-hwe-snaps: status	Triaged	Fix Committed
2017-07-18 18:38:25	Simon Fels	snappy-hwe-snaps: assignee		Simon Fels (morphis)
2018-10-17 14:48:04	Tony Espy	snappy-hwe-snaps: status	Fix Committed	Fix Released