Le 13/11/2016 à 19:04, Chris a écrit : > On Sun, 2016-11-13 at 09:17 -0600, Chris wrote: >> On Sun, 2016-11-13 at 10:41 +0800, XiaoGuo Liu wrote: >>> Hi Chris, >>> >>> You may find the tips at https://github.com/snapcore/snapd/wiki/Sec >>> ur >>> ity. You may use the command like: >>> >>> $ scmp_sys_resolver 983045 >>> set_tls >>> to find out the security violation. >>> >>> Best regards, >>> XiaoGuo >>> >> Thank you XiaoGuo, so in my case I have syscall=272. Running >> >> chris@localhost:~$ scmp_sys_resolver 272 >> unshare >> >> I've installed snappy-debug but can't seem to get any kind of output >> when run. Maybe I'm using the wrong commands? >> > Replying to my own post. I wasn't running the snap whenever I ran > > sudo snappy-debug.security scanlog --all-entries cliqz > > Once I executed the snap from the menu with the above running I got > > chris@localhost:~$ sudo snappy-debug.security scanlog --all-entries > cliqz > kernel.printk_ratelimit = 0 > = Seccomp = > Time: Nov 13 11:49:59 > Log: auid=1000 uid=1000 gid=1000 ses=3 pid=29796 comm="cliqz" > exe="/snap/cliqz/6/opt/CLIQZ/CLIQZ" sig=31 arch=c000003e 272(unshare) > compat=0 ip=0x7ffacd899c19 code=0x0 > Syscall: unshare > > So, now it seems as there is a seccomp violation stopping the snap from > running, at least that's what it appears to me to be. Where would I go > from here? Contact the snap author?
Indeed, the snap author didn't set the confinement rules on his app. The snap should then be in devmode (but not published in the stable channel), to not create user frustration executing something which fails. Do you mind contacting upstream so that they work on confinement? Thanks! Didier -- Snapcraft mailing list Snapcraft@lists.snapcraft.io Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
