** Description changed: + [Impact] + + TBD + + [Test Case] + + TBD + + [Regression Potential] + + TBD + + [Other Info] + + * snap-confine is technically an integral part of snapd which has an SRU + exception and is allowed to introduce new features and take advantage of + accelerated procedure. For more information see + https://wiki.ubuntu.com/SnapdUpdates + + == # Pre-SRU bug description follows # == + [ 2526.693811] (1)[30640:ubuntu-core-lau]type=1400 audit(1476430414.677:434): apparmor="DENIED" operation="ptrace" profile="/usr/lib/snapd/snap-confine//mount-namespace-capture-helper" pid=30640 comm="ubuntu-core-lau" requested_mask="read" denied_mask="read" peer="/usr/lib/snapd/snap-confine" [ 2526.693845] (1)[30640:ubuntu-core-lau]type=1400 audit(1476430414.677:435): apparmor="DENIED" operation="ptrace" profile="/usr/lib/snapd/snap-confine" pid=30640 comm="ubuntu-core-lau" requested_mask="readby" denied_mask="readby" peer="/usr/lib/snapd/snap-confine//mount-namespace-capture-helper" [ 3512.751438] (1)[8128:ubuntu-core-lau]type=1400 audit(1476431400.737:502): apparmor="DENIED" operation="ptrace" profile="/usr/lib/snapd/snap-confine//mount-namespace-capture-helper" pid=8128 comm="ubuntu-core-lau" requested_mask="read" denied_mask="read" peer="/usr/lib/snapd/snap-confine" So we need to modify /etc/apparmor.d/usr.lib.snapd.snap-confine as: /usr/lib/snapd/snap-confine flags=(attach_disconnected) { - ... - ptrace (read, readby, tracedby) ... + ... + ptrace (read, readby, tracedby) ... - ^mount-namespace-capture-helper flags=(attach_disconnected) { - ... - ptrace (read, trace, tracedby) ... + ^mount-namespace-capture-helper flags=(attach_disconnected) { + ... + ptrace (read, trace, tracedby) ...
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1633367 Title: missing ptrace options needed by snap-confine To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1633367/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
