Robert, your comment "Enabling network access for all snaps just to make
them compatible with NFS don't seems to be a perfect solution from the
security perspective" is exactly right. It is not possible (currently)
to only allow networking for NFS. This may be possible at some point in
the future w
Will there be an Update of the installation package? Will the lines
#include
#include
be included?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1662552
Title:
snaps don't work with NFS home /ho
On Fri, Feb 10, 2017 at 08:15:42AM -, Robert Redl wrote:
> 2. Including #include directly below
> /usr/lib/snapd/snap-confine flags=(attach_disconnected) works. It don't
> seems to be necessary to include #include
You may have trouble killing the processes running in this domain from
unconfi
1. I already had @{HOMEDIRS}+=/home/*/ and I did not forget to reload.
However, the audit message still refers to /home/r/, which is the actual
parent directory of my home directory.
2. Including #include directly below
/usr/lib/snapd/snap-confine flags=(attach_disconnected) works. It don't
seems
Ok, that makes a lot of sense. snap-confine needs to be update to work
on nfs (eg, add 'network inet, network inet6,'. Based on
'name="/home/r/"' it looks like you are still using the
'@{HOMEDIRS}+=/home/u/' change to the home tunable (or perhaps you
didn't reload snap-confine's profile after chang
Feb 9 09:57:30 hostname kernel: [ 2070.523056] audit: type=1400
audit(1486630650.755:1460): apparmor="DENIED" operation="sendmsg"
profile="/usr/lib/snapd/snap-confine" pid=15768 comm="snap-confine"
laddr=ip_of_local_host lport=917 faddr=ip_of_nfs_server fport=2049
family="inet" sock_type="stre
Can you paste the output of "grep audit /var/log/syslog" at the time
right after the denial?
** This bug is no longer a duplicate of bug 1620771
when /home is somewhere else, snaps don't work
** Changed in: snapd (Ubuntu)
Status: Confirmed => Incomplete
--
You received this bug notifi
*** This bug is a duplicate of bug 1620771 ***
https://bugs.launchpad.net/bugs/1620771
Thanks for the fast reply! Unfortunately, the problem is not solved.
The
@{HOMEDIRS}+=/home/*/
line solves the location issue (as in bug #1620771 and bug #1592696), but here
the location don't seems to be
*** This bug is a duplicate of bug 1620771 ***
https://bugs.launchpad.net/bugs/1620771
Thank you for filing a bug! This is essentially a duplicate of bug
#1620771. You have identified the issue precisely and need to update
@{HOMEDIRS} for your site. This can be done in a couple of ways such as
