Comment 31 for bug 1611078

dt9394 (dknyvice) wrote :

The latest snap-confine seems to break the lxd snap function. It used to work until a recent update.

snap-confine 2.22.6
lxd 2.12-0ubuntu3~ubuntu16.04.1~ppa1
linux-image-4.4.0-72-generic 4.4.0-72.93

Apr 18 15:33:22 snapbox audit[15919]: AVC apparmor="DENIED" operation="file_inherit" namespace="root//lxd-devbox_<var-lib-lxd>" profile="/usr/lib/snapd/snap-confine" name="/dev/tty" pid=15919 comm="snap-confine" requested_mask="wr" denied_mask="wr" fsuid=265536 ouid=0
Apr 18 15:33:22 snapbox audit[15919]: SYSCALL arch=c000003e syscall=59 success=yes exit=0 a0=c820161b00 a1=c820194150 a2=c82008bb20 a3=0 items=2 ppid=15917 pid=15919 auid=4294967295 uid=265536 gid=265536 euid=265536 suid=265536 fsuid=265536 egid=265536 sgid=265536 fsgid=265536 tty=(none) ses=4294967295 comm="snap-confine" exe="/usr/lib/snapd/snap-confine" key=(null)
Apr 18 15:33:22 snapbox audit: BPRM_FCAPS fver=0 fp=0000000000000000 fi=0000000000000000 fe=0 old_pp=0000003ffdfcffff old_pi=0000000000000000 old_pe=0000003ffdfcffff new_pp=0000003ffdfcffff new_pi=0000000000000000 new_pe=0000003ffdfcffff
Apr 18 15:33:22 snapbox audit: EXECVE argc=4 a0="/usr/lib/snapd/snap-confine" a1="snap.hello-world.hello-world" a2="/usr/lib/snapd/snap-exec" a3="hello-world"
Apr 18 15:33:22 snapbox audit: CWD cwd="/home/ubuntu"
Apr 18 15:33:22 snapbox audit: PATH item=0 name="/usr/lib/snapd/snap-confine" inode=27527378 dev=08:02 mode=0104755 ouid=265536 ogid=265536 rdev=00:00 nametype=NORMAL
Apr 18 15:33:22 snapbox audit: PATH item=1 name="/lib64/ld-linux-x86-64.so.2" inode=19678033 dev=08:02 mode=0100755 ouid=265536 ogid=265536 rdev=00:00 nametype=NORMAL