Apparmor denial for access to SNAP_APP_USER_DATA_PATH as root
Bug #1466234 reported by
Stéphane Graber
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Snappy |
Fix Released
|
Critical
|
Unassigned | ||
ubuntu-core-security (Ubuntu) |
Fix Released
|
Critical
|
Jamie Strandboge |
Bug Description
So apparently in current snappy, root has less rights than random joe.
That should be fixed.
21:31 < stgraber> [94170.804198] audit: type=1400 audit(143457656
21:32 < jdstrand> stgraber: oh, that is because we are using @{HOMEDIRS}/*/ instead of @{HOME}. @{HOMEDIRS}/*/ does not include /root.
Changed in snappy: | |
status: | New → Triaged |
importance: | Undecided → Critical |
Changed in snappy: | |
status: | In Progress → Confirmed |
assignee: | Kyle Fazzari (kyrofa) → nobody |
no longer affects: | ubuntu-core-launcher (Ubuntu) |
no longer affects: | ubuntu-snappy (Ubuntu) |
To post a comment you must log in.
This is an easy fix policy-wise. Ie, change all occurrences of '@{HOMEDIRS}/*/' to '@{HOME}/' in the policy. However, we actively decided that '/root' would not be included in the default policy, and I'd like to understand why. Is this for the FHS? How does this affect rollbacks? Is /root handled in the same manner as /home?