'aa_change_onexec failed with -1. errmsg: Permission denied'
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ubuntu-core-launcher (Ubuntu) |
Fix Released
|
Critical
|
Jamie Strandboge |
Bug Description
$ sudo apt-get install ubuntu-snappy
$ sudo snappy install ubuntu-core
$ sudo snappy install ubuntu-
$ ubuntu-
aa_change_onexec failed with -1. errmsg: Permission denied
[1]
There is an apparmor denial:
audit: type=1400 audit(145919496
Downgrading to ubuntu-
The hello-world app works ok (it needs ubuntu-
$ hello-world.env |grep SNAP=
SNAP=/snaps/
$ sudo /snaps/
SNAP=/snaps/
cap-test.mvo doesn't have this problem either:
$ sudo snappy install cap-test.mvo
$ cap-test.xbomb
If I disable the apparmor profile with: sudo apparmor_parser -R /etc/apparmor.
Downgrading to the -13 kernel resolves the issue:
$ cat /proc/version_
Ubuntu 4.4.0-13.29-generic 4.4.5
summary: |
- 'aa_change_onexec failed with -1. errmsg: Permission denied' with snaps - using 'unconfined' template + 'aa_change_onexec failed with -1. errmsg: Permission denied' |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
affects: | ubuntu-core-launcher (Ubuntu) → linux (Ubuntu) |
Changed in linux (Ubuntu): | |
assignee: | nobody → Tyler Hicks (tyhicks) |
importance: | Undecided → Critical |
status: | New → Confirmed |
description: | updated |
description: | updated |
tags: | added: apparmor |
Changed in linux (Ubuntu): | |
status: | Confirmed → Triaged |
Changed in ubuntu-core-launcher (Ubuntu): | |
status: | In Progress → Fix Committed |
I took the hello-world application, then adjusted its yaml to be the same as the ubuntu-clock-app (using ubuntu-cl0ck-app as the name) and was unable to reproduce.