I'm trying to snap a largish package; works fine in devmode, but as the app likes to use unix sockets and fifos, it fails in confined mode with
$ sudo /snap/bin/snappy-debug.security scanlog
= AppArmor =
Time: Oct 24 11:41:09
Log: apparmor="DENIED" operation="sendmsg" profile="snap.foo" pid=8536 comm="foo" family="unix" sock_type="dgram" protocol=0 requested_mask="send" denied_mask="send" addr=none peer_addr="@6E7669646961356165373434376600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" peer="unconfined"

= Seccomp =
Time: Oct 24 11:41:09
Log: auid=4294967295 uid=1001 gid=1001 ses=4294967295 pid=8536 comm="foo" exe="/snap/foo/x7/bin/foo" sig=31 arch=c000003e 133(mknod) compat=0 ip=0x7f17f6fb542d code=0x0
Syscall: mknod

Any suggestions (other than 'don't do that')? I imagine there's a way to configure both apparmor and seccomp for snaps, but haven't found it yet.

https://wiki.ubuntu.com/SecurityTeam/Specifications/SnappyConfinement has some clues
http://askubuntu.com/questions/796809/add-custom-apparmor-rules-to-snap seems on topic

Should I be looking at the snapd source? (I see there's an apparmor interface, but maybe that's internal only...)
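
An added example, not part of the original post: a small Python triage helper that parses the two "Log:" lines quoted above, reports which layer (AppArmor or seccomp) denied what, and decodes the hex-encoded abstract socket name in peer_addr. The function names are hypothetical, and the NUL padding length of the sample address is an assumption made for the example.

```python
import re

# Constructed sample: the two "Log:" lines from the post; the abstract socket
# address is rebuilt as its non-zero prefix plus NUL padding (length assumed).
PEER = "@6E76696469613561653734343766" + "00" * 93
APPARMOR_LINE = (
    'apparmor="DENIED" operation="sendmsg" profile="snap.foo" pid=8536 '
    'comm="foo" family="unix" sock_type="dgram" protocol=0 '
    'requested_mask="send" denied_mask="send" addr=none '
    f'peer_addr="{PEER}" peer="unconfined"'
)
SECCOMP_LINE = (
    'auid=4294967295 uid=1001 gid=1001 ses=4294967295 pid=8536 comm="foo" '
    'exe="/snap/foo/x7/bin/foo" sig=31 arch=c000003e 133(mknod) compat=0 '
    'ip=0x7f17f6fb542d code=0x0'
)

KV = re.compile(r'(\w+)=("([^"]*)"|\S+)')   # key="quoted" or key=bare
SYSCALL = re.compile(r'\b(\d+)\((\w+)\)')   # e.g. 133(mknod)

def parse_fields(line):
    """Split an audit-style line into a dict of key=value fields."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(2)
            for m in KV.finditer(line)}

def decode_abstract_addr(addr):
    """Decode an '@'-prefixed, hex-encoded abstract unix socket name."""
    if not addr.startswith("@"):
        return addr  # path-based socket or 'none': already readable
    try:
        raw = bytes.fromhex(addr[1:])
    except ValueError:
        return addr  # not hex: the name was logged as plain text
    return "@" + raw.rstrip(b"\x00").decode("ascii", errors="replace")

def summarize(line):
    """Return a one-line summary of which layer denied what."""
    f = parse_fields(line)
    if f.get("apparmor") == "DENIED":
        peer = decode_abstract_addr(f.get("peer_addr", "none"))
        return (f"apparmor: {f.get('profile')} denied {f.get('operation')} "
                f"({f.get('denied_mask')}) on {f.get('family')} socket, peer {peer}")
    m = SYSCALL.search(line)
    if m and "sig" in f:
        return (f"seccomp: {f.get('comm')} got sig={f['sig']} "
                f"on syscall {m.group(2)} ({m.group(1)})")
    return "unrecognized"
```

Decoding peer_addr turns the opaque hex into a readable socket name, which identifies the unconfined peer the snap was trying to reach.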