On the all-snaps image, snappy-debug.security can't access syslog

Bug #1621324 reported by Leo Arias on 2016-09-08
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Snappy
High
Unassigned
livecd-rootfs (Ubuntu)
Undecided
Unassigned
subiquity (Ubuntu)
Undecided
Unassigned

Bug Description

Tested in rpi2, using today's image from http://cdimage.ubuntu.com/ubuntu-snappy/16.04/current/ubuntu-core-16-pi2.img.xz

After boot and configuration, I logged in using ssh and installed snappy-debug to debug the snapweb problems. However, the snap can't access syslog even after connecting the plug:

elopio@localhost:~$ snappy-debug.security scanlog
sysctl: permission denied on key 'kernel.printk_ratelimit'
Could not open '/var/log/syslog'. Did you run 'sudo snap connect snappy-debug:log-observe ubuntu-core:log-observe'?
elopio@localhost:~$ sudo snap interfaces snappy-debug
Slot Plug
:log-observe snappy-debug

Oliver Grawert (ogra) wrote :

the user created by console-conf is not in the adm group which is the group used to allow log access in ubuntu

Oliver Grawert (ogra) wrote :

since the adm group is inside the readonly /etc/group, we should move it to /var/lob/extrausers/group, adding a livecd-rootfs task

Jamie Strandboge (jdstrand) wrote :

The snappy-debug message could also be improved. I'll make sure that happens.

Leo Arias (elopio) on 2016-09-08
affects: snapweb → snappy
Changed in snappy:
status: New → Confirmed
importance: Undecided → High
Michael Hudson-Doyle (mwhudson) wrote :

I don't think there's anything to do in console-conf for this.

Changed in subiquity (Ubuntu):
status: New → Invalid
Oliver Grawert (ogra) wrote :

well, console-conf creates the user and should add the user to the group ...

(adduser $user --extrausers adm)

Michael Hudson-Doyle (mwhudson) wrote :

Surely that's something that should be done by snap create-user --sudoer? I guess not. Nothing is possible here until the livecd bits get done anyway, right?

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers