Running command can end up with wrong security profile if refreshed

Bug #1665438 reported by Ted Gould on 2017-02-16
This bug affects 2 people
Affects: Snappy
Importance: High
Assigned to: Zygmunt Krynicki

Bug Description

Description:

If I have a package that has a command, and I run that command on the command line, then while it is running it is possible that the package revision would be changed (probably via an upgrade of some type, but it could be anything). In that case, a new security profile is created based on the interfaces in the new current revision of the package. It is reasonable that these two revisions would have different interfaces in their configuration. Since it has the same name in both revisions, it is replaced and applied to the running process.

Expected Behavior:

I would expect that the running command would continue with the security profile matching the revision of the package it is running from.

Michael Vogt (mvo) on 2017-02-17
Changed in snappy:
status: New → Triaged
importance: Undecided → High
Zygmunt Krynicki (zyga) wrote:

So this is an interesting problem. If we end up fixing it, it will mean that profiles are associated with snap revisions. For seccomp that is not a problem. For AppArmor we will have to change how we talk to snap-confine and how we apply the profile. The bigger issue is that some things have no way to express this (e.g. the kmod backend). For other backends we might try to encode the revision of the snap in the name of the security label.

Zygmunt Krynicki (zyga) on 2017-02-17
Changed in snappy:
assignee: nobody → Zygmunt Krynicki (zyga)
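
The behaviour reported above and the revision-in-label idea from the comment, as an added toy model that is not snapd or snap-confine code and is not part of the original report. The `ProfileRegistry` and `Process` classes, the `demo` snap, its interface sets and the `.r<revision>` label suffix are all assumptions constructed for illustration.

```python
# Toy model (constructed for illustration) of label-keyed confinement.
# The revision-qualified label is a hypothetical naming scheme, not snapd's.

class ProfileRegistry:
    """Maps a security label to the interfaces its profile grants."""
    def __init__(self):
        self._profiles = {}

    def load(self, label, interfaces):
        # Loading under an existing label replaces the rules in place, so
        # every process already attached to that label sees the change.
        self._profiles[label] = frozenset(interfaces)

    def allows(self, label, interface):
        return interface in self._profiles.get(label, frozenset())


class Process:
    """A running command; it keeps the label it was started with."""
    def __init__(self, registry, label):
        self.registry, self.label = registry, label

    def may(self, interface):
        return self.registry.allows(self.label, interface)


def label_shared(snap, app, revision):
    # Same name for every revision: the situation described in the report.
    return f"snap.{snap}.{app}"

def label_per_revision(snap, app, revision):
    # Hypothetical: revision encoded in the name of the security label.
    return f"snap.{snap}.{app}.r{revision}"


# Constructed sample data: interfaces declared by two revisions of one snap.
REVISIONS = {1: {"network", "home"}, 2: {"network", "camera"}}


def refresh_while_running(make_label):
    """Start the command from revision 1, refresh to revision 2, and report
    what the still-running revision-1 process is allowed to do afterwards."""
    reg = ProfileRegistry()
    reg.load(make_label("demo", "cmd", 1), REVISIONS[1])
    running = Process(reg, make_label("demo", "cmd", 1))
    reg.load(make_label("demo", "cmd", 2), REVISIONS[2])  # the refresh
    return {i: running.may(i) for i in ("network", "home", "camera")}


if __name__ == "__main__":
    print("shared label:      ", refresh_while_running(label_shared))
    print("per-revision label:", refresh_while_running(label_per_revision))
```

With the shared label the running process both loses an interface it started with and gains one its revision never declared; with the per-revision label its confinement is unchanged by the refresh.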