Bug#923500: snapd: non-classic snap not confined

2021-02-23 Thread Michael Vogt
Just a quick update - we looked at this and we think the AppArmor support in Debian is sufficient to enable it in snaps by default. This is being worked on in https://github.com/snapcore/snapd/pull/9936 and once that lands, I will upload to Debian. The goal is within this week. In addition to the

Bug#923500: snapd: non-classic snap not confined

2021-02-15 Thread intrigeri
Hi,
James Henstridge (2021-02-16):
> 2. As for why Debian is not being considered for "full" support,
> I suspect this is down to the out-of-tree patches to enable access
> control for unix domain sockets. This will likely resolve itself
> when snapd moves to use the new AppArmor 3.0 network

Bug#923500: snapd: non-classic snap not confined

2021-02-15 Thread James Henstridge
I work on some parts of snapd at Canonical, so thought I'd weigh in. I've got a few points to add:
1. In the "snap debug confinement" output, it says "policy:downgraded". This indicates that snapd didn't detect enough AppArmor features to enforce the full "strict confinement" sandbox, so it