2017-02-23 21:16:29 |
Pat McGowan |
bug |
|
|
added bug |
2017-02-23 21:16:49 |
Pat McGowan |
description |
While running any browser/webapp on the arm64 dragonboard, they would not run iunser strict confinement.
Per jdstrand we need browser support
Other denials to udev and attr/current
Feb 23 21:07:47 patsdragon audit[4036]: AVC apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/run/udev/data/+platform:1a00000.qcom,mdss_mdp" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Feb 23 21:07:47 patsdragon kernel: audit: type=1400 audit(1487884067.942:3248): apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/run/udev/data/+platform:1a00000.qcom,mdss_mdp" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Feb 23 21:07:48 patsdragon audit[4036]: AVC apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/proc/4036/attr/current" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Feb 23 21:07:48 patsdragon kernel: audit: type=1400 audit(1487884068.074:3251): apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/proc/4036/attr/current" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 |
While running any browser/webapp on the arm64 dragonboard, they would not run under strict confinement.
Per jdstrand we need browser support
Other denials to udev and attr/current
Feb 23 21:07:47 patsdragon audit[4036]: AVC apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/run/udev/data/+platform:1a00000.qcom,mdss_mdp" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Feb 23 21:07:47 patsdragon kernel: audit: type=1400 audit(1487884067.942:3248): apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/run/udev/data/+platform:1a00000.qcom,mdss_mdp" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Feb 23 21:07:48 patsdragon audit[4036]: AVC apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/proc/4036/attr/current" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Feb 23 21:07:48 patsdragon kernel: audit: type=1400 audit(1487884068.074:3251): apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/proc/4036/attr/current" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 |
|
2017-02-23 21:17:03 |
Pat McGowan |
description |
While running any browser/webapp on the arm64 dragonboard, they would not run under strict confinement.
Per jdstrand we need browser support
Other denials to udev and attr/current
Feb 23 21:07:47 patsdragon audit[4036]: AVC apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/run/udev/data/+platform:1a00000.qcom,mdss_mdp" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Feb 23 21:07:47 patsdragon kernel: audit: type=1400 audit(1487884067.942:3248): apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/run/udev/data/+platform:1a00000.qcom,mdss_mdp" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Feb 23 21:07:48 patsdragon audit[4036]: AVC apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/proc/4036/attr/current" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Feb 23 21:07:48 patsdragon kernel: audit: type=1400 audit(1487884068.074:3251): apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/proc/4036/attr/current" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 |
While running any browser/webapp on the arm64 dragonboard, they would not run under strict confinement.
Per jdstrand we need browser-support
Other denials to udev and attr/current
Feb 23 21:07:47 patsdragon audit[4036]: AVC apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/run/udev/data/+platform:1a00000.qcom,mdss_mdp" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Feb 23 21:07:47 patsdragon kernel: audit: type=1400 audit(1487884067.942:3248): apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/run/udev/data/+platform:1a00000.qcom,mdss_mdp" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Feb 23 21:07:48 patsdragon audit[4036]: AVC apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/proc/4036/attr/current" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Feb 23 21:07:48 patsdragon kernel: audit: type=1400 audit(1487884068.074:3251): apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/proc/4036/attr/current" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 |
|
2017-02-23 21:21:17 |
Jamie Strandboge |
description |
While running any browser/webapp on the arm64 dragonboard, they would not run under strict confinement.
Per jdstrand we need browser-support
Other denials to udev and attr/current
Feb 23 21:07:47 patsdragon audit[4036]: AVC apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/run/udev/data/+platform:1a00000.qcom,mdss_mdp" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Feb 23 21:07:47 patsdragon kernel: audit: type=1400 audit(1487884067.942:3248): apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/run/udev/data/+platform:1a00000.qcom,mdss_mdp" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Feb 23 21:07:48 patsdragon audit[4036]: AVC apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/proc/4036/attr/current" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Feb 23 21:07:48 patsdragon kernel: audit: type=1400 audit(1487884068.074:3251): apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/proc/4036/attr/current" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 |
While running any browser/webapp on the arm64 dragonboard, they would not run under strict confinement.
Per jdstrand we need browser-support as an implicit interface, not just implicit classic.
Other denials to udev and attr/current
Feb 23 21:07:47 patsdragon audit[4036]: AVC apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/run/udev/data/+platform:1a00000.qcom,mdss_mdp" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Feb 23 21:07:47 patsdragon kernel: audit: type=1400 audit(1487884067.942:3248): apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/run/udev/data/+platform:1a00000.qcom,mdss_mdp" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Feb 23 21:07:48 patsdragon audit[4036]: AVC apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/proc/4036/attr/current" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Feb 23 21:07:48 patsdragon kernel: audit: type=1400 audit(1487884068.074:3251): apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/proc/4036/attr/current" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 |
|
2017-02-23 21:21:27 |
Jamie Strandboge |
tags |
|
snapd-interface |
|
2017-02-23 21:21:32 |
Jamie Strandboge |
snapd (Ubuntu): status |
New |
Triaged |
|
2017-02-23 21:21:35 |
Jamie Strandboge |
snapd (Ubuntu): importance |
Undecided |
Medium |
|
2017-02-23 21:21:38 |
Jamie Strandboge |
snapd (Ubuntu): assignee |
|
Jamie Strandboge (jdstrand) |
|
2017-02-27 20:09:52 |
Jamie Strandboge |
snapd (Ubuntu): status |
Triaged |
In Progress |
|
2017-02-28 22:01:49 |
Jamie Strandboge |
snapd (Ubuntu): status |
In Progress |
Fix Committed |
|
2017-06-26 14:30:52 |
Amr Ibrahim |
snapd (Ubuntu): status |
Fix Committed |
Fix Released |
|