[snap] apparmor denials on /sys/devices/virtual/dmi/id/sys_vendor and product_name
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
chromium-browser (Ubuntu) | Fix Released | Undecided | Unassigned | | |
Bug Description
When starting chromium's snap, those messages are logged:
Feb 6 12:34:17 foo kernel: [106190.836260] audit: type=1400 audit(158101045
Feb 6 12:34:17 foo kernel: [106190.836401] audit: type=1400 audit(158101045
Feb 6 12:34:17 foo chromium_
Chromium seemingly behaves OK but possibly with reduced sandboxing?
Additional info:
$ snap info chromium
name: chromium
summary: Chromium web browser, open-source version of Chrome
publisher: Canonical✓
contact: https:/
license: unset
description: |
An open-source browser project that aims to build a safer, faster, and more stable way for all
Internet users to experience the web.
commands:
- chromium.
- chromium
snap-id: XKEcBqPM06H1Z7z
tracking: stable
refresh-date: yesterday at 17:45 EST
channels:
stable: 80.0.3987.87 2020-02-05 (1016) 160MB -
candidate: 80.0.3987.87 2020-02-05 (1016) 160MB -
beta: 80.0.3987.85 2020-02-04 (1014) 160MB -
edge: 81.0.4040.5 2020-02-06 (1018) 161MB -
installed: 80.0.3987.87 (1016) 160MB -
$ uname -a
Linux simon-lemur 5.3.0-28-generic #30~18.04.1-Ubuntu SMP Fri Jan 17 06:14:09 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ lsb_release -rd
Description: Ubuntu 18.04.4 LTS
Release: 18.04
Also affected here, with a lot more messages from audit: type=1400 apparmor="DENIED" operation="mknod / open / unlink / truncate / dbus_method_call etc..."
[ 7817.510475] audit: type=1400 audit(1582191723.992:6264): apparmor="DENIED" operation="truncate" profile="snap.chromium.chromium" name="/home/username/snap/chromium/1026/.config/chromium/Default/Favicons-journal" pid=4639 comm="Chrome_HistoryT" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
[ 7825.615310] audit: type=1400 audit(1582191732.100:6278): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name=2F686F6D652F756174702F736E61702F6368726F6D69756D2F313032362F2E636F6E6669672F6368726F6D69756D2F44656661756C742F43757272656E742053657373696F6E pid=4639 comm="ThreadPoolForeg" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000
[ 7827.273968] audit: type=1400 audit(1582191733.756:6281): apparmor="DENIED" operation="mknod" profile="snap.chromium.chromium" name="/home/username/snap/chromium/1026/.config/chromium/.org.chromium.Chromium.mrO80f" pid=4639 comm="ThreadPoolForeg" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
[ 8365.423097] audit: type=1400 audit(1582192271.910:7069): apparmor="DENIED" operation="unlink" profile="snap.chromium.chromium" name="/home/username/snap/chromium/1026/.config/chromium/SingletonLock" pid=4639 comm="chrome" requested_mask="d" denied_mask="d" fsuid=1000 ouid=1000
[ 8417.535810] audit: type=1107 audit(1582192324.023:7286): pid=1299 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/" interface="org.freedesktop.DBus.ObjectManager" member="GetManagedObjects" mask="send" name="org.bluez" pid=11273 label="snap.chromium.chromium"
$ snap list
Name Version Rev Tracking Publisher Notes
chromium 80.0.3987.116 1036 stable canonical✓ -
$ uname -a
Linux lacol 5.3.0-40-generic #32-Ubuntu SMP Fri Jan 31 20:24:34 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ lsb_release -rd
Description: Ubuntu 19.10
Release: 19.10
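
Added example, not part of the original report or of any project's code: a Python parser for AppArmor denial records of the kind quoted above. It handles kernel `type=1400` lines and D-Bus `type=1107` lines, and decodes `name=` values that the audit layer writes as unquoted hex when the path contains a space (as in the `operation="open"` record above). The sample lines, `parse_denial` and `summarise` are constructed for this illustration.

```python
import re
from collections import Counter

# Constructed sample records, modelled on the denials quoted in this report.
_P = "/home/username/snap/chromium/1026/.config/chromium/"
SAMPLE = [
    '[ 1.000001] audit: type=1400 audit(1582191723.992:6264): apparmor="DENIED" '
    'operation="truncate" profile="snap.chromium.chromium" '
    f'name="{_P}Default/Favicons-journal" pid=4639 comm="Chrome_HistoryT" '
    'requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000',
    # The audit layer logs a name containing a space as unquoted hex.
    '[ 2.000001] audit: type=1400 audit(1582191732.100:6278): apparmor="DENIED" '
    'operation="open" profile="snap.chromium.chromium" '
    f'name={(_P + "Default/Current Session").encode().hex().upper()} pid=4639 '
    'comm="ThreadPoolForeg" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000',
    '[ 3.000001] audit: type=1107 audit(1582192324.023:7286): pid=1299 uid=103 '
    'msg=\'apparmor="DENIED" operation="dbus_method_call" bus="system" path="/" '
    'interface="org.freedesktop.DBus.ObjectManager" member="GetManagedObjects" '
    'mask="send" name="org.bluez" pid=11273 label="snap.chromium.chromium"\'',
    '[ 4.000001] audit: type=1400 audit(1582192400.000:7300): apparmor="ALLOWED" '
    'operation="open" profile="snap.chromium.chromium" name="/etc/hosts" pid=4639',
]

_KV = re.compile(r'(\w+)=(?:"([^"]*)"|([^\s\'"]+))')   # key="quoted" or key=bare
_HEX = re.compile(r'(?:[0-9A-Fa-f]{2})+')
_UNTRUSTED = {"name", "comm"}   # string fields that may arrive hex-encoded

def parse_denial(line):
    """Return the fields of an AppArmor DENIED record as a dict, else None."""
    if 'apparmor="DENIED"' not in line:
        return None
    rec = {}
    for m in _KV.finditer(line):
        key, quoted, bare = m.groups()
        value = quoted if quoted is not None else bare
        if quoted is None and key in _UNTRUSTED and _HEX.fullmatch(bare):
            value = bytes.fromhex(bare).decode("utf-8", "replace")
        rec[key] = value        # on repeats (pid in type=1107) the last one wins
    rec["profile"] = rec.get("profile") or rec.get("label")   # D-Bus records use label=
    return rec

def summarise(lines):
    """Count denials per (profile, operation, denied mask)."""
    recs = filter(None, map(parse_denial, lines))
    return Counter((r["profile"], r["operation"], r.get("denied_mask") or r.get("mask")) for r in recs)

if __name__ == "__main__":
    for key, n in summarise(SAMPLE).items():
        print(n, *key)
```

Feeding it the output of `journalctl -k` or `dmesg` line by line gives a per-profile count of what is being denied, which is the first thing to check when deciding whether a denial is cosmetic or is breaking the application.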