Snappy

"network" plug does not allow outbound ping

Bug #1699504 reported by Jacek Nykis on 2017-06-21

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Snappy	Invalid	Undecided	Unassigned

Bug Description

I'm trying to snap a monitoring daemon. I have the following lines in my snapcraft.yaml:

plugs: [network-bind, network]

But when the daemon tries to ping external hosts it's not allowed to:

audit: type=1400 audit(1498050973.735:72): apparmor="DENIED" operation="create" profile="snap.prometheus-blackbox-exporter.blackbox-exporter" pid=4043 comm="blackbox_export" family="inet" sock_type="raw" protocol=1 requested_mask="create" denied_mask="create"

snap 2.25
snapd 2.25
series 16
ubuntu 16.04
kernel 4.4.0-81-generic

Revision history for this message

Guy Taylor (thebiggerguy) wrote on 2017-06-29:

This also includes attempts at using "ping" via the command line.

[ 134.018690] audit: type=1400 audit(1498730790.150:24): apparmor="DENIED" operation="open" profile="snap.xxx.xxx" name="/bin/ping" pid=1347 comm="bash" requested_mask="r" denied_mask="r" fsuid=0 ouid=

Revision history for this message

John Lenton (chipaca) wrote on 2017-06-29:

You need "network-observe", "network-control", or "firewall-control" for ping.

Changed in snappy:
status:	New → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.