[Bug 1967884] Re: several snap-confine denials for capability net_admin and perfmon on 22.04

Alex Murray Tue, 05 Apr 2022 16:50:52 -0700

Thanks for the heads up @jdstrand - I am seeing this too - I also have
one more - fsetid:


$ journalctl -b0 -t audit --grep DENIED.*snap-confine
Apr 06 08:48:06 graphene audit[3733]: AVC apparmor="DENIED" operation="capable" 
profile="/usr/lib/snapd/snap-confine" pid=3733 comm="snap-confine" 
capability=12  capname="net_admin"
Apr 06 08:48:06 graphene audit[3733]: AVC apparmor="DENIED" operation="capable" 
profile="/usr/lib/snapd/snap-confine" pid=3733 comm="snap-confine" 
capability=38  capname="perfmon"
Apr 06 08:48:07 graphene audit[4545]: AVC apparmor="DENIED" operation="capable" 
profile="/usr/lib/snapd/snap-confine" pid=4545 comm="snap-confine" 
capability=12  capname="net_admin"
Apr 06 08:48:07 graphene audit[4545]: AVC apparmor="DENIED" operation="capable" 
profile="/usr/lib/snapd/snap-confine" pid=4545 comm="snap-confine" 
capability=38  capname="perfmon"
Apr 06 08:48:07 graphene audit[4614]: AVC apparmor="DENIED" operation="capable" 
profile="/usr/lib/snapd/snap-confine" pid=4614 comm="snap-confine" 
capability=12  capname="net_admin"
Apr 06 08:48:07 graphene audit[4614]: AVC apparmor="DENIED" operation="capable" 
profile="/usr/lib/snapd/snap-confine" pid=4614 comm="snap-confine" 
capability=38  capname="perfmon"
Apr 06 08:48:07 graphene audit[4682]: AVC apparmor="DENIED" operation="capable" 
profile="/usr/lib/snapd/snap-confine" pid=4682 comm="snap-confine" 
capability=12  capname="net_admin"
Apr 06 08:48:07 graphene audit[4682]: AVC apparmor="DENIED" operation="capable" 
profile="/usr/lib/snapd/snap-confine" pid=4682 comm="snap-confine" 
capability=38  capname="perfmon"
Apr 06 08:48:08 graphene audit[4745]: AVC apparmor="DENIED" operation="capable" 
profile="/usr/lib/snapd/snap-confine" pid=4745 comm="snap-confine" 
capability=12  capname="net_admin"
Apr 06 08:48:08 graphene audit[4745]: AVC apparmor="DENIED" operation="capable" 
profile="/usr/lib/snapd/snap-confine" pid=4745 comm="snap-confine" 
capability=38  capname="perfmon"
Apr 06 08:48:26 graphene audit[8216]: AVC apparmor="DENIED" operation="capable" 
profile="/usr/lib/snapd/snap-confine" pid=8216 comm="snap-confine" 
capability=12  capname="net_admin"
Apr 06 08:48:26 graphene audit[8216]: AVC apparmor="DENIED" operation="capable" 
profile="/usr/lib/snapd/snap-confine" pid=8216 comm="snap-confine" 
capability=38  capname="perfmon"
Apr 06 08:48:27 graphene audit[8221]: AVC apparmor="DENIED" operation="capable" 
profile="/usr/lib/snapd/snap-confine" pid=8221 comm="snap-confine" capability=4 
 capname="fsetid"
Apr 06 08:49:22 graphene audit[11287]: AVC apparmor="DENIED" 
operation="capable" profile="/usr/lib/snapd/snap-confine" pid=11287 
comm="snap-confine" capability=12  capname="net_admin"
Apr 06 08:49:22 graphene audit[11287]: AVC apparmor="DENIED" 
operation="capable" profile="/usr/lib/snapd/snap-confine" pid=11287 
comm="snap-confine" capability=38  capname="perfmon"
Apr 06 08:49:22 graphene audit[11287]: AVC apparmor="DENIED" 
operation="capable" profile="/usr/lib/snapd/snap-confine" pid=11287 
comm="snap-confine" capability=4  capname="fsetid"
Apr 06 08:51:05 graphene audit[14806]: AVC apparmor="DENIED" 
operation="capable" profile="/usr/lib/snapd/snap-confine" pid=14806 
comm="snap-confine" capability=4  capname="fsetid"

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1967884

Title:
  several snap-confine denials for capability net_admin and perfmon on
  22.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1967884/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1967884] Re: several snap-confine denials for capability net_admin and perfmon on 22.04

Reply via email to