Comment 2 for bug 1586547

Chad Miller (cmiller) wrote : Re: snappy needs security policy for chromium

I don't know how to get seccomp denials. Without --devmode, I get "Bad system call", a killed process, and nothing in syslog that looks promising.

$ snappy-debug.security scanlog
WARN: Could not set kernel rate limiting

= AppArmor =
Time: May 27 18:26:29
Log: apparmor="DENIED" operation="open" profile="/usr/bin/ubuntu-core-launcher" name="/home/.ecryptfs/cmiller/.Private/" pid=19129 comm="ubuntu-core-lau" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=1000
File: /home/.ecryptfs/cmiller/.Private/ (write)
Suggestion:
* adjust program to write to $SNAP_DATA or $SNAP_USER_DATA

= AppArmor =
Time: May 27 18:26:29
Log: apparmor="DENIED" operation="open" profile="/usr/bin/ubuntu-core-launcher" name="/home/.ecryptfs/cmiller/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWb4VZJUL514cESvVcp5DUiJnlmnLbK3jZjVm2NAu0yQBQyD7yyIFBnaJE--/" pid=19129 comm="ubuntu-core-lau" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=1000
File: /home/.ecryptfs/cmiller/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWb4VZJUL514cESvVcp5DUiJnlmnLbK3jZjVm2NAu0yQBQyD7yyIFBnaJE--/ (write)
Suggestion:
* adjust program to write to $SNAP_DATA or $SNAP_USER_DATA

= AppArmor =
Time: May 27 18:26:29
Log: apparmor="DENIED" operation="open" profile="/usr/bin/ubuntu-core-launcher" name="/home/.ecryptfs/cmiller/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWb4VZJUL514cESvVcp5DUiJnlmnLbK3jZjVm2NAu0yQBQyD7yyIFBnaJE--/ECRYPTFS_FNEK_ENCRYPTED.FWb4VZJUL514cESvVcp5DUiJnlmnLbK3jZjVmlGoq0dj7d2FKctk3XIkSU--/" pid=19129 comm="ubuntu-core-lau" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=1000
File: /home/.ecryptfs/cmiller/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWb4VZJUL514cESvVcp5DUiJnlmnLbK3jZjVm2NAu0yQBQyD7yyIFBnaJE--/ECRYPTFS_FNEK_ENCRYPTED.FWb4VZJUL514cESvVcp5DUiJnlmnLbK3jZjVmlGoq0dj7d2FKctk3XIkSU--/ (write)
Suggestion:
* adjust program to write to $SNAP_DATA or $SNAP_USER_DATA

= AppArmor =
Time: May 27 18:26:29
Log: apparmor="DENIED" operation="open" profile="/usr/bin/ubuntu-core-launcher" name="/home/.ecryptfs/cmiller/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWb4VZJUL514cESvVcp5DUiJnlmnLbK3jZjVm2NAu0yQBQyD7yyIFBnaJE--/ECRYPTFS_FNEK_ENCRYPTED.FWb4VZJUL514cESvVcp5DUiJnlmnLbK3jZjVmlGoq0dj7d2FKctk3XIkSU--/ECRYPTFS_FNEK_ENCRYPTED.FWb4VZJUL514cESvVcp5DUiJnlmnLbK3jZjVU1RPVUAnysWJtdM9.Q7n0E--/" pid=19129 comm="ubuntu-core-lau" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=1000
File: /home/.ecryptfs/cmiller/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWb4VZJUL514cESvVcp5DUiJnlmnLbK3jZjVm2NAu0yQBQyD7yyIFBnaJE--/ECRYPTFS_FNEK_ENCRYPTED.FWb4VZJUL514cESvVcp5DUiJnlmnLbK3jZjVmlGoq0dj7d2FKctk3XIkSU--/ECRYPTFS_FNEK_ENCRYPTED.FWb4VZJUL514cESvVcp5DUiJnlmnLbK3jZjVU1RPVUAnysWJtdM9.Q7n0E--/ (write)
Suggestion:
* adjust program to write to $SNAP_DATA or $SNAP_USER_DATA