Ubuntu
snapd package

Bug #1667480
Activity log

Activity log for bug #1667480

Date	Who	What changed	Old value	New value	Message
2017-02-23 21:16:29	Pat McGowan	bug			added bug
2017-02-23 21:16:49	Pat McGowan	description	While running any browser/webapp on the arm64 dragonboard, they would not run iunser strict confinement. Per jdstrand we need browser support Other denials to udev and attr/current Feb 23 21:07:47 patsdragon audit[4036]: AVC apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/run/udev/data/+platform:1a00000.qcom,mdss_mdp" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Feb 23 21:07:47 patsdragon kernel: audit: type=1400 audit(1487884067.942:3248): apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/run/udev/data/+platform:1a00000.qcom,mdss_mdp" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Feb 23 21:07:48 patsdragon audit[4036]: AVC apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/proc/4036/attr/current" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Feb 23 21:07:48 patsdragon kernel: audit: type=1400 audit(1487884068.074:3251): apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/proc/4036/attr/current" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000	While running any browser/webapp on the arm64 dragonboard, they would not run under strict confinement. Per jdstrand we need browser support Other denials to udev and attr/current Feb 23 21:07:47 patsdragon audit[4036]: AVC apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/run/udev/data/+platform:1a00000.qcom,mdss_mdp" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Feb 23 21:07:47 patsdragon kernel: audit: type=1400 audit(1487884067.942:3248): apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/run/udev/data/+platform:1a00000.qcom,mdss_mdp" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Feb 23 21:07:48 patsdragon audit[4036]: AVC apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/proc/4036/attr/current" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Feb 23 21:07:48 patsdragon kernel: audit: type=1400 audit(1487884068.074:3251): apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/proc/4036/attr/current" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
2017-02-23 21:17:03	Pat McGowan	description	While running any browser/webapp on the arm64 dragonboard, they would not run under strict confinement. Per jdstrand we need browser support Other denials to udev and attr/current Feb 23 21:07:47 patsdragon audit[4036]: AVC apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/run/udev/data/+platform:1a00000.qcom,mdss_mdp" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Feb 23 21:07:47 patsdragon kernel: audit: type=1400 audit(1487884067.942:3248): apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/run/udev/data/+platform:1a00000.qcom,mdss_mdp" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Feb 23 21:07:48 patsdragon audit[4036]: AVC apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/proc/4036/attr/current" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Feb 23 21:07:48 patsdragon kernel: audit: type=1400 audit(1487884068.074:3251): apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/proc/4036/attr/current" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000	While running any browser/webapp on the arm64 dragonboard, they would not run under strict confinement. Per jdstrand we need browser-support Other denials to udev and attr/current Feb 23 21:07:47 patsdragon audit[4036]: AVC apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/run/udev/data/+platform:1a00000.qcom,mdss_mdp" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Feb 23 21:07:47 patsdragon kernel: audit: type=1400 audit(1487884067.942:3248): apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/run/udev/data/+platform:1a00000.qcom,mdss_mdp" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Feb 23 21:07:48 patsdragon audit[4036]: AVC apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/proc/4036/attr/current" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Feb 23 21:07:48 patsdragon kernel: audit: type=1400 audit(1487884068.074:3251): apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/proc/4036/attr/current" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
2017-02-23 21:21:17	Jamie Strandboge	description	While running any browser/webapp on the arm64 dragonboard, they would not run under strict confinement. Per jdstrand we need browser-support Other denials to udev and attr/current Feb 23 21:07:47 patsdragon audit[4036]: AVC apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/run/udev/data/+platform:1a00000.qcom,mdss_mdp" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Feb 23 21:07:47 patsdragon kernel: audit: type=1400 audit(1487884067.942:3248): apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/run/udev/data/+platform:1a00000.qcom,mdss_mdp" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Feb 23 21:07:48 patsdragon audit[4036]: AVC apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/proc/4036/attr/current" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Feb 23 21:07:48 patsdragon kernel: audit: type=1400 audit(1487884068.074:3251): apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/proc/4036/attr/current" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000	While running any browser/webapp on the arm64 dragonboard, they would not run under strict confinement. Per jdstrand we need browser-support as an implicit interface, not just implicit classic. Other denials to udev and attr/current Feb 23 21:07:47 patsdragon audit[4036]: AVC apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/run/udev/data/+platform:1a00000.qcom,mdss_mdp" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Feb 23 21:07:47 patsdragon kernel: audit: type=1400 audit(1487884067.942:3248): apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/run/udev/data/+platform:1a00000.qcom,mdss_mdp" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Feb 23 21:07:48 patsdragon audit[4036]: AVC apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/proc/4036/attr/current" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Feb 23 21:07:48 patsdragon kernel: audit: type=1400 audit(1487884068.074:3251): apparmor="DENIED" operation="open" profile="snap.testdemo.testdemo" name="/proc/4036/attr/current" pid=4036 comm="webapp-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
2017-02-23 21:21:27	Jamie Strandboge	tags		snapd-interface
2017-02-23 21:21:32	Jamie Strandboge	snapd (Ubuntu): status	New	Triaged
2017-02-23 21:21:35	Jamie Strandboge	snapd (Ubuntu): importance	Undecided	Medium
2017-02-23 21:21:38	Jamie Strandboge	snapd (Ubuntu): assignee		Jamie Strandboge (jdstrand)
2017-02-27 20:09:52	Jamie Strandboge	snapd (Ubuntu): status	Triaged	In Progress
2017-02-28 22:01:49	Jamie Strandboge	snapd (Ubuntu): status	In Progress	Fix Committed
2017-06-26 14:30:52	Amr Ibrahim	snapd (Ubuntu): status	Fix Committed	Fix Released

Ubuntusnapd package

Activity log for bug #1667480

Ubuntu
snapd package