Snappy

webdm apparmor denials

Bug #1448225 reported by Jamie Strandboge on 2015-04-24

This bug affects 2 people

Affects

Status

Importance

Assigned to

Milestone

Snappy

Fix Released

Undecided

Unassigned

You need to log in to change this bug's status.

Affecting:	Snappy
Filed here by:	Jamie Strandboge
When:	2015-04-24
Confirmed:	2015-08-25
Started work:	2015-08-25
Completed:	2015-08-25

Target

Distribution
Package	(Find…)
Project	(Find…)

Status	Importance
	Undecided

Assigned to

	Nobody
	Me

Comment on this change (optional)

Email me about changes to this bug report

(?)

Bug Description

From snappy-dev@:
Apr 24 00:53:32 localhost kernel: [65181.037479] audit: type=1400
audit(1429836812.172:11): apparmor="DENIED" operation="open"
profile="webdm.canonical_avahi_0.5"
name="/proc/sys/net/core/somaxconn" pid=1985 comm="metabin"
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Apr 24 00:53:32 localhost ubuntu-core-launcher[1985]: 2015/04/24
00:53:32 gmx: unable to open local socket: listen unix
/tmp/snaps/webdm.canonical/0.5/tmp/.gmx.1985.0: bind: no such file or
directory

These rules should be added to the apparmor policy:
  @{PROC}/sys/net/core/somaxconn r,
  /tmp/snaps/@{APP_PKGNAME}/ r,
  /tmp/snaps/@{APP_PKGNAME}/** rk,
  /tmp/snaps/@{APP_PKGNAME}/@{APP_VERSION}/ rw,
  /tmp/snaps/@{APP_PKGNAME}/@{APP_VERSION}/** mrwlkix,

Note: something needs to still create /tmp/snaps/@{APP_PKGNAME}.

Add tags Tag help

Michael Terry (mterry) on 2015-05-18

affects:

snappy-ubuntu → snappy

Michael Vogt (mvo) on 2015-08-25

Changed in snappy:
status:	New → Fix Released

Report a bug

This report contains Public information Edit

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers