FYI, this came up in another snapd context in support of snap parallel installs. It is worked around, but would be nice if this was fixed.
https://bugs.launchpad.net/bugs/1612393

Title:
  mount -> @{HOME}/... denial

Status in apparmor package in Ubuntu:
  New

Bug description:
  When using apparmor variables for the mountpoint in mount rules, the
  parser will parse the rule but the kernel blocks it. Eg, this works:

    # works
    mount -> /home/*/mnt/,

  This doesn't:

    mount -> @{HOME}/mnt/,

    audit: type=1400 audit(1470943929.750:482): apparmor="DENIED" operation="mount" info="failed mntpnt match" error=-13 profile="test" name="/home/jamie/mnt/" pid=25573 comm="fusexmp" fstype="fuse.fusexmp" srcname="fusexmp" flags="rw, nosuid, nodev"

  I did not test the srcname.

  Attached is a reproducer and profile.

    $ mkdir ~/mnt
    $ gcc -Wall ./fusexmp.c `pkg-config fuse --cflags --libs` -o fusexmp
    $ sudo apparmor_parser -r /tmp/apparmor.profile && sudo aa-exec -p test ./fusexmp ~/mnt
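
Added example (not part of the bug report and not AppArmor code): a Python check that flags mount rules whose mountpoint uses an @{VAR} variable, the form this report says the parser accepts but the kernel denies, and extracts the "failed mntpnt match" mount denials from audit output. The function names, regexes and sample profile are assumptions made for illustration; the audit line is the one quoted in the bug description.

```python
import re

# "mount [options/fstype/source] -> <mountpoint>," (optionally prefixed audit/allow)
MOUNT_RULE = re.compile(
    r'^\s*(?:audit\s+|allow\s+)*mount\b[^#\n]*?->\s*(?P<mnt>[^\s,]+)\s*,', re.M)
VARIABLE = re.compile(r'@\{[A-Za-z_][A-Za-z0-9_]*\}')
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted value" or key=bare

def variable_mountpoints(profile_text):
    """Return (line_number, mountpoint) for mount rules whose mountpoint uses @{VAR}."""
    hits = []
    for m in MOUNT_RULE.finditer(profile_text):
        if VARIABLE.search(m.group('mnt')):
            line = profile_text.count('\n', 0, m.start('mnt')) + 1
            hits.append((line, m.group('mnt')))
    return hits

def mntpnt_denials(audit_text):
    """Return (profile, name) for mount denials reporting 'failed mntpnt match'."""
    out = []
    for line in audit_text.splitlines():
        f = {k: q or u for k, q, u in KV.findall(line)}
        if (f.get('apparmor') == 'DENIED' and f.get('operation') == 'mount'
                and f.get('info') == 'failed mntpnt match'):
            out.append((f.get('profile'), f.get('name')))
    return out

# Constructed sample profile using the two rules from the bug description.
SAMPLE_PROFILE = """profile test {
  # works
  mount -> /home/*/mnt/,
  mount -> @{HOME}/mnt/,
}
"""

# Audit line as quoted in the bug description.
SAMPLE_AUDIT = ('audit: type=1400 audit(1470943929.750:482): apparmor="DENIED" '
                'operation="mount" info="failed mntpnt match" error=-13 '
                'profile="test" name="/home/jamie/mnt/" pid=25573 comm="fusexmp" '
                'fstype="fuse.fusexmp" srcname="fusexmp" flags="rw, nosuid, nodev"')

if __name__ == '__main__':
    for line, mnt in variable_mountpoints(SAMPLE_PROFILE):
        print(f'line {line}: mountpoint {mnt} uses a variable; see LP: #1612393')
    for profile, name in mntpnt_denials(SAMPLE_AUDIT):
        print(f'profile {profile}: mount denied at {name} (failed mntpnt match)')
```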