Public bug reported: Similar to bug 1580018, I'm not sure if the default apparmor profile is not correct, or possibly this bug is invalid and `sed -i.bak` should be denied.
AFAICT, the issue is that sed -i.bak tries a chown syscall on the backup file in the $SNAP_USER_DATA directory, and the apparmor profile does not allow that (perhaps for good reason). michael@dev-xenial2:~/dev/todo.txt⟫ cat /snap/todo-txt/100001/test-sed.sh #! /bin/bash echo "The quick brown fox jumped over the lazy dog" > $SNAP_USER_DATA/sed-test.txt sed 's/quick/fast/' $SNAP_USER_DATA/sed-test.txt | tee $SNAP_USER_DATA/sed-output.txt sed -i.bak 's/quick/fast/' $SNAP_USER_DATA/sed-test.txt chown michael@dev-xenial2:~/dev/todo.txt⟫ todo-txt.test-sed The fast brown fox jumped over the lazy dog /snap/todo-txt/100001/test-sed.sh: line 5: 11763 Bad system call sed -i.bak 's/quick/fast/' $SNAP_USER_DATA/sed-test.txt /snap/todo-txt/100001/test-sed.sh: line 6: /bin/chown: Permission denied 126 michael@dev-xenial2:~/dev/todo.txt⟫ ls -l ~/snap/todo-txt/100001/ total 12 -rw-rw-r-- 1 michael michael 44 May 13 04:30 sed-output.txt -rw-rw-r-- 1 michael michael 45 May 13 04:30 sed-test.txt ---------- 1 michael michael 44 May 13 04:30 sedwCnCDY michael@dev-xenial2:~/dev/todo.txt⟫ dmesg -H | tail -n3 [ +39.843825] audit: type=1326 audit(1463113859.687:232): auid=1001 uid=1001 gid=1001 ses=4 pid=11763 comm="sed" exe="/bin/sed" sig=31 arch=c000003e syscall=93 compat=0 ip=0x7f8428874a77 code=0x0 [ +0.001342] audit: type=1400 audit(1463113859.691:233): apparmor="DENIED" operation="exec" profile="snap.todo-txt.test-sed" name="/bin/chown" pid=11764 comm="test-sed.sh" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 [ +0.000100] audit: type=1400 audit(1463113859.691:234): apparmor="DENIED" operation="open" profile="snap.todo-txt.test-sed" name="/bin/chown" pid=11764 comm="test-sed.sh" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0 michael@dev-xenial2:~/dev/todo.txt⟫ scmp_sys_resolver 93 fchown ** Affects: snapd (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1581310 Title: ubuntu-core doesn't allow sed -i (fchown syscall) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1581310/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs