Robert, your comment "Enabling network access for all snaps just to make
them compatible with NFS doesn't seem to be a perfect solution from the
security perspective" is exactly right. It is not possible (currently)
to only allow networking for NFS. This may be possible at some point in
the future
Will there be an update of the installation package? Will the lines
#include
#include
be included?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1662552
Title:
snaps don't work with NFS home
On Fri, Feb 10, 2017 at 08:15:42AM -, Robert Redl wrote:
> 2. Including #include directly below
> /usr/lib/snapd/snap-confine flags=(attach_disconnected) works. It doesn't
> seem to be necessary to include #include
You may have trouble killing the processes running in this domain from
1. I already had @{HOMEDIRS}+=/home/*/ and I did not forget to reload.
However, the audit message still refers to /home/r/, which is the actual
parent directory of my home directory.
2. Including #include directly below
/usr/lib/snapd/snap-confine flags=(attach_disconnected) works. It doesn't
Ok, that makes a lot of sense. snap-confine needs to be updated to work
on NFS (e.g., add 'network inet, network inet6,'). Based on
'name="/home/r/"' it looks like you are still using the
'@{HOMEDIRS}+=/home/u/' change to the home tunable (or perhaps you
didn't reload snap-confine's profile after
Feb 9 09:57:30 hostname kernel: [ 2070.523056] audit: type=1400
audit(1486630650.755:1460): apparmor="DENIED" operation="sendmsg"
profile="/usr/lib/snapd/snap-confine" pid=15768 comm="snap-confine"
laddr=ip_of_local_host lport=917 faddr=ip_of_nfs_server fport=2049
family="inet"
Can you paste the output of "grep audit /var/log/syslog" at the time
right after the denial?
** This bug is no longer a duplicate of bug 1620771
when /home is somewhere else, snaps don't work
** Changed in: snapd (Ubuntu)
Status: Confirmed => Incomplete
*** This bug is a duplicate of bug 1620771 ***
https://bugs.launchpad.net/bugs/1620771
Thanks for the fast reply! Unfortunately, the problem is not solved.
The
@{HOMEDIRS}+=/home/*/
line solves the location issue (as in bug #1620771 and bug #1592696), but here
the location doesn't seem to be
*** This bug is a duplicate of bug 1620771 ***
https://bugs.launchpad.net/bugs/1620771
Thank you for filing a bug! This is essentially a duplicate of bug
#1620771. You have identified the issue precisely and need to update
@{HOMEDIRS} for your site. This can be done in a couple of ways such