FYI I wondered what is different to e.g. curl which is also confined,
but I can confirm it is the same there.

First insight: if the program produces nothing at all it will not
trigger, hence for curl, install apache2 and then fetch from 127.0.0.1.

With that in /var/opt (where curl cannot write per its profile) I see
the same:

root@q:/var/opt# curl 127.0.0.1 > foo
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0 10672    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (23) Failure writing output to destination, passed 10672 returned 0

[1230736.489669] audit: type=1400 audit(1756391855.321:5285): apparmor="DENIED" 
operation="file_inherit" class="file" 
namespace="root//lxd-q_<var-snap-lxd-common-lxd>" profile="curl" 
name="/var/opt/foo" pid=2060052 comm="curl" requested_mask="w" denied_mask="w" 
fsuid=1000000 ouid=1000000
[1230736.489684] audit: type=1400 audit(1756391855.321:5286): apparmor="DENIED" 
operation="open" class="file" info="Failed name lookup - disconnected path" 
error=-13 namespace="root//lxd-q_<var-snap-lxd-common-lxd>" profile="curl" 
name="apparmor/.null" pid=2060052 comm="curl" requested_mask="wr" 
denied_mask="wr" fsuid=1000000 ouid=0


The curl profile is a bit more lenient, having /tmp and /home, but outside
of those the same issue as reported on free hits.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2121552

Title:
  "free > file" blocked by apparmor inside questing lxd

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2121552/+subscriptions
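
An added example, not part of the bug comment or of AppArmor: a Python triage helper that rejoins the mail-wrapped audit records quoted above, splits them into fields, and reports each file_inherit denial together with whether the same pid also had an open of apparmor/.null denied. The function names and the pairing-by-pid heuristic are assumptions of this example; SAMPLE is the two records from the comment.

```python
import re
from collections import defaultdict

# The two records from the comment, still wrapped as the mail client left them.
SAMPLE = '''[1230736.489669] audit: type=1400 audit(1756391855.321:5285): apparmor="DENIED" 
operation="file_inherit" class="file" 
namespace="root//lxd-q_<var-snap-lxd-common-lxd>" profile="curl" 
name="/var/opt/foo" pid=2060052 comm="curl" requested_mask="w" denied_mask="w" 
fsuid=1000000 ouid=1000000
[1230736.489684] audit: type=1400 audit(1756391855.321:5286): apparmor="DENIED" 
operation="open" class="file" info="Failed name lookup - disconnected path" 
error=-13 namespace="root//lxd-q_<var-snap-lxd-common-lxd>" profile="curl" 
name="apparmor/.null" pid=2060052 comm="curl" requested_mask="wr" 
denied_mask="wr" fsuid=1000000 ouid=0
'''

RECORD_START = re.compile(r'^\[\s*\d+\.\d+\] audit: ', re.M)
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted value" or key=bare

def parse_records(text):
    """Rejoin wrapped lines and return one dict of key=value fields per record."""
    starts = [m.start() for m in RECORD_START.finditer(text)]
    records = []
    for begin, end in zip(starts, starts[1:] + [len(text)]):
        flat = " ".join(text[begin:end].split())  # undo the line wrapping
        records.append({k: q or b for k, q, b in FIELD.findall(flat)})
    return records

def inherited_fd_denials(records):
    """Report file_inherit denials; note a denied apparmor/.null open by the same pid."""
    by_pid = defaultdict(list)
    for r in records:
        if r.get("apparmor") == "DENIED":
            by_pid[r.get("pid")].append(r)
    findings = []
    for pid, recs in by_pid.items():
        null_denied = any(r.get("operation") == "open"
                          and r.get("name", "").endswith("apparmor/.null") for r in recs)
        for r in recs:
            if r.get("operation") == "file_inherit":
                findings.append({"pid": pid, "profile": r.get("profile"),
                                 "path": r.get("name"), "mask": r.get("denied_mask"),
                                 "null_open_denied": null_denied})
    return findings

if __name__ == "__main__":
    for finding in inherited_fd_denials(parse_records(SAMPLE)):
        print(finding)
```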

