"enable" does not apply connected slot security policy
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
snapd |
Fix Released
|
High
|
Zygmunt Krynicki |
Bug Description
Using:
snap 2.26.14+
snapd 2.26.14+
When enabling/disabling a snap that is connected to a slot, the Rules that apply to the connected slot apparently don't run.
For example, when installing mir-kiosk and mir-kiosk-apps, you can see the following crucial apparmor rule applied to mir-kiosk, which allows it to receive data from mir-kiosk-apps, as they are connected through the mir interface:
cat /var/lib/
unix (receive, send) type=seqpacket addr=none peer=(label=
However, after doing snap disable mir-kiosk-apps; snap enable mir-kiosk-apps, the rule is no longer applied.
Changed in snappy: | |
assignee: | nobody → Zygmunt Krynicki (zyga) |
affects: | snappy → snapd |
Changed in snapd: | |
status: | New → Triaged |
importance: | Undecided → High |
I can still reproduce this git master. I remember we fixed an issue with disable/enable a while ago.