** Also affects: snap-confine (Ubuntu)
** Changed in: snap-confine (Ubuntu)
Status: New => Fix Released
** Also affects: snap-confine (Ubuntu Xenial)
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
/dev/pts/# denial when running snap-confine under sshd configured for
Status in Snappy Launcher:
Status in snap-confine package in Ubuntu:
Status in snap-confine source package in Xenial:
When snap-confine itself is invoked over an SSH connection, with ssh
using non-standard Apparmor confinement, snap-confine would fail.
This change was introduced by a member of the security team who is
using this non-standard configuration.
* Minimal, snap-confine has a more permissive apparmor profile that
allows it to access /dev/pts/[0-9]* for both reading and writing.
* This bug is a part of a major SRU that brings snap-confine in Ubuntu
16.04 in line with the current upstream release 1.0.41.
* snap-confine is technically an integral part of snapd which has an
SRU exception and is allowed to introduce new features and take
advantage of accelerated procedure. For more information see
== # Pre-SRU bug description follows # ==
Logging into an Ubuntu 16.04 machine that has a confined sshd and
running 'hello-world', I see this denial:
kernel: [180734.692698] audit: type=1400 audit(1473365455.056:98):
apparmor="DENIED" operation="file_inherit" profile="/usr/lib/snapd
/snap-confine" name="/dev/pts/2" pid=28375 comm="ubuntu-core-lau"
requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=1000
What is happening is that the fd is being remediated since it is not
coming from an unconfined process. Fix is:
To manage notifications about this bug go to:
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : firstname.lastname@example.org
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help : https://help.launchpad.net/ListHelp