Consider allowing access to @{PROC}/@{pid}/limits

Bug #1613686 reported by Jacek Nykis
This bug affects 1 person
Affects: Snappy
Status: Fix Released
Importance: Medium
Assigned to: Jamie Strandboge

Bug Description

I created a snap for a monitoring system (prometheus) and it periodically wants to read /proc/<pid>/limits.

It would be good to allow read access to this file. I think it may be common for server software to try that access.

This line should do it:
@{PROC}/@{pid}/limits r,

$ snap --version
snap 2.11+0.16.04
snapd 2.11+0.16.04
series 16
ubuntu 16.04

Zygmunt Krynicki (zyga)
Changed in snappy:
status: New → Triaged
Jamie Strandboge (jdstrand) wrote :

This is fine to add to the default apparmor template.

tags: added: snapd-interface
Jamie Strandboge (jdstrand) wrote :

This is the rule that should be used:

owner @{PROC}/@{pid}/limits r,

I can do it in my next batch of policy updates.

Changed in snappy:
assignee: nobody → Jamie Strandboge (jdstrand)
status: Triaged → In Progress
Changed in snappy:
importance: Undecided → Medium
milestone: none → 2.15
status: In Progress → Fix Committed
Jamie Strandboge (jdstrand) wrote :

2.20 fixes this issue.

Changed in snappy:
status: Fix Committed → Fix Released
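
The two rules quoted in this report differ only in the `owner` qualifier. The following simplified model of that difference is an added example, not code from snapd or AppArmor. It assumes @{PROC} expands to /proc/, @{pid} matches any numeric PID, and each /proc/<pid>/limits file is owned by the uid of the process it describes; the function names and sample requests are constructed.

```python
import re
from dataclasses import dataclass

# Assumed expansions of the policy variables (simplified model).
VARIABLES = {"@{PROC}": "/proc/", "@{pid}": r"[1-9][0-9]*"}

@dataclass
class Rule:
    owner_only: bool   # True when the rule carries the 'owner' qualifier
    path: re.Pattern   # compiled form of the rule's path expression
    perms: str         # permission letters, e.g. "r"

def rule_to_regex(path_pattern):
    # Expand variables, escape the literal text between them, collapse '//'.
    parts = re.split(r"(@\{\w+\})", path_pattern)
    body = "".join(VARIABLES[p] if p in VARIABLES else re.escape(p) for p in parts)
    return re.compile(re.sub(r"/+", "/", body) + r"\Z")

def parse_rule(text):
    tokens = text.strip().rstrip(",").split()
    owner_only = tokens[0] == "owner"
    if owner_only:
        tokens = tokens[1:]
    path, perms = tokens
    return Rule(owner_only, rule_to_regex(path), perms)

def allows_read(rule, fsuid, path, file_uid):
    if "r" not in rule.perms or not rule.path.match(path):
        return False
    # 'owner' restricts the rule to files owned by the caller's fsuid.
    return (not rule.owner_only) or fsuid == file_uid

# Constructed requests: (caller fsuid, path, uid owning the file)
REQUESTS = [
    (1000, "/proc/4242/limits", 1000),   # another process of the same user
    (1000, "/proc/1/limits", 0),         # a root-owned process
    (1000, "/proc/4242/environ", 1000),  # a different file, matched by neither rule
]

def decisions(rule_text):
    rule = parse_rule(rule_text)
    return [allows_read(rule, *req) for req in REQUESTS]

if __name__ == "__main__":
    for text in ("@{PROC}/@{pid}/limits r,", "owner @{PROC}/@{pid}/limits r,"):
        print(text, decisions(text))
```

In this model the unqualified rule lets the confined process read the limits of every process on the system, while the `owner` form limits it to processes running under its own uid.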