I don't know how to get seccomp denials. Without --devmode, I get "Bad system call", a killed process, and nothing in syslog that looks promising.
$ snappy-debug.security scanlog WARN: Could not set kernel rate limiting
= AppArmor = Time: May 27 18:26:29 Log: apparmor="DENIED" operation="open" profile="/usr/bin/ubuntu-core-launcher" name="/home/.ecryptfs/cmiller/.Private/" pid=19129 comm="ubuntu-core-lau" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=1000 File: /home/.ecryptfs/cmiller/.Private/ (write) Suggestion: * adjust program to write to $SNAP_DATA or $SNAP_USER_DATA
= AppArmor = Time: May 27 18:26:29 Log: apparmor="DENIED" operation="open" profile="/usr/bin/ubuntu-core-launcher" name="/home/.ecryptfs/cmiller/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWb4VZJUL514cESvVcp5DUiJnlmnLbK3jZjVm2NAu0yQBQyD7yyIFBnaJE--/" pid=19129 comm="ubuntu-core-lau" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=1000 File: /home/.ecryptfs/cmiller/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWb4VZJUL514cESvVcp5DUiJnlmnLbK3jZjVm2NAu0yQBQyD7yyIFBnaJE--/ (write) Suggestion: * adjust program to write to $SNAP_DATA or $SNAP_USER_DATA
= AppArmor = Time: May 27 18:26:29 Log: apparmor="DENIED" operation="open" profile="/usr/bin/ubuntu-core-launcher" name="/home/.ecryptfs/cmiller/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWb4VZJUL514cESvVcp5DUiJnlmnLbK3jZjVm2NAu0yQBQyD7yyIFBnaJE--/ECRYPTFS_FNEK_ENCRYPTED.FWb4VZJUL514cESvVcp5DUiJnlmnLbK3jZjVmlGoq0dj7d2FKctk3XIkSU--/" pid=19129 comm="ubuntu-core-lau" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=1000 File: /home/.ecryptfs/cmiller/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWb4VZJUL514cESvVcp5DUiJnlmnLbK3jZjVm2NAu0yQBQyD7yyIFBnaJE--/ECRYPTFS_FNEK_ENCRYPTED.FWb4VZJUL514cESvVcp5DUiJnlmnLbK3jZjVmlGoq0dj7d2FKctk3XIkSU--/ (write) Suggestion: * adjust program to write to $SNAP_DATA or $SNAP_USER_DATA
= AppArmor = Time: May 27 18:26:29 Log: apparmor="DENIED" operation="open" profile="/usr/bin/ubuntu-core-launcher" name="/home/.ecryptfs/cmiller/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWb4VZJUL514cESvVcp5DUiJnlmnLbK3jZjVm2NAu0yQBQyD7yyIFBnaJE--/ECRYPTFS_FNEK_ENCRYPTED.FWb4VZJUL514cESvVcp5DUiJnlmnLbK3jZjVmlGoq0dj7d2FKctk3XIkSU--/ECRYPTFS_FNEK_ENCRYPTED.FWb4VZJUL514cESvVcp5DUiJnlmnLbK3jZjVU1RPVUAnysWJtdM9.Q7n0E--/" pid=19129 comm="ubuntu-core-lau" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=1000 File: /home/.ecryptfs/cmiller/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWb4VZJUL514cESvVcp5DUiJnlmnLbK3jZjVm2NAu0yQBQyD7yyIFBnaJE--/ECRYPTFS_FNEK_ENCRYPTED.FWb4VZJUL514cESvVcp5DUiJnlmnLbK3jZjVmlGoq0dj7d2FKctk3XIkSU--/ECRYPTFS_FNEK_ENCRYPTED.FWb4VZJUL514cESvVcp5DUiJnlmnLbK3jZjVU1RPVUAnysWJtdM9.Q7n0E--/ (write) Suggestion: * adjust program to write to $SNAP_DATA or $SNAP_USER_DATA
I don't know how to get seccomp denials. Without --devmode, I get "Bad system call", a killed process, and nothing in syslog that looks promising.
$ snappy- debug.security scanlog
WARN: Could not set kernel rate limiting
= AppArmor = "/usr/bin/ ubuntu- core-launcher" name="/ home/.ecryptfs/ cmiller/ .Private/ " pid=19129 comm="ubuntu- core-lau" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=1000 ecryptfs/ cmiller/ .Private/ (write)
Time: May 27 18:26:29
Log: apparmor="DENIED" operation="open" profile=
File: /home/.
Suggestion:
* adjust program to write to $SNAP_DATA or $SNAP_USER_DATA
= AppArmor = "/usr/bin/ ubuntu- core-launcher" name="/ home/.ecryptfs/ cmiller/ .Private/ ECRYPTFS_ FNEK_ENCRYPTED. FWb4VZJUL514cES vVcp5DUiJnlmnLb K3jZjVm2NAu0yQB QyD7yyIFBnaJE- -/" pid=19129 comm="ubuntu- core-lau" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=1000 ecryptfs/ cmiller/ .Private/ ECRYPTFS_ FNEK_ENCRYPTED. FWb4VZJUL514cES vVcp5DUiJnlmnLb K3jZjVm2NAu0yQB QyD7yyIFBnaJE- -/ (write)
Time: May 27 18:26:29
Log: apparmor="DENIED" operation="open" profile=
File: /home/.
Suggestion:
* adjust program to write to $SNAP_DATA or $SNAP_USER_DATA
= AppArmor = "/usr/bin/ ubuntu- core-launcher" name="/ home/.ecryptfs/ cmiller/ .Private/ ECRYPTFS_ FNEK_ENCRYPTED. FWb4VZJUL514cES vVcp5DUiJnlmnLb K3jZjVm2NAu0yQB QyD7yyIFBnaJE- -/ECRYPTFS_ FNEK_ENCRYPTED. FWb4VZJUL514cES vVcp5DUiJnlmnLb K3jZjVmlGoq0dj7 d2FKctk3XIkSU- -/" pid=19129 comm="ubuntu- core-lau" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=1000 ecryptfs/ cmiller/ .Private/ ECRYPTFS_ FNEK_ENCRYPTED. FWb4VZJUL514cES vVcp5DUiJnlmnLb K3jZjVm2NAu0yQB QyD7yyIFBnaJE- -/ECRYPTFS_ FNEK_ENCRYPTED. FWb4VZJUL514cES vVcp5DUiJnlmnLb K3jZjVmlGoq0dj7 d2FKctk3XIkSU- -/ (write)
Time: May 27 18:26:29
Log: apparmor="DENIED" operation="open" profile=
File: /home/.
Suggestion:
* adjust program to write to $SNAP_DATA or $SNAP_USER_DATA
= AppArmor = "/usr/bin/ ubuntu- core-launcher" name="/ home/.ecryptfs/ cmiller/ .Private/ ECRYPTFS_ FNEK_ENCRYPTED. FWb4VZJUL514cES vVcp5DUiJnlmnLb K3jZjVm2NAu0yQB QyD7yyIFBnaJE- -/ECRYPTFS_ FNEK_ENCRYPTED. FWb4VZJUL514cES vVcp5DUiJnlmnLb K3jZjVmlGoq0dj7 d2FKctk3XIkSU- -/ECRYPTFS_ FNEK_ENCRYPTED. FWb4VZJUL514cES vVcp5DUiJnlmnLb K3jZjVU1RPVUAny sWJtdM9. Q7n0E-- /" pid=19129 comm="ubuntu- core-lau" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=1000 ecryptfs/ cmiller/ .Private/ ECRYPTFS_ FNEK_ENCRYPTED. FWb4VZJUL514cES vVcp5DUiJnlmnLb K3jZjVm2NAu0yQB QyD7yyIFBnaJE- -/ECRYPTFS_ FNEK_ENCRYPTED. FWb4VZJUL514cES vVcp5DUiJnlmnLb K3jZjVmlGoq0dj7 d2FKctk3XIkSU- -/ECRYPTFS_ FNEK_ENCRYPTED. FWb4VZJUL514cES vVcp5DUiJnlmnLb K3jZjVU1RPVUAny sWJtdM9. Q7n0E-- / (write)
Time: May 27 18:26:29
Log: apparmor="DENIED" operation="open" profile=
File: /home/.
Suggestion:
* adjust program to write to $SNAP_DATA or $SNAP_USER_DATA