Regards, Jamie.
> On 1 Nov 2016, at 23:43, Sergio Schvezov <[email protected]> > wrote: > > > >> El 01/11/16 a las 23:31, Joseph Rushton Wakeling escribió: >>> On 27/10/16 22:13, Joseph Rushton Wakeling wrote: >>>> On 27/10/16 08:37, Didier Roche wrote: >>>> I would look at /var/log/syslogs. Apparmor and seccomp denials are >>>> listed there. Note that if you didn't already, you should really start >>>> developping your snap in devmode. That way, it will get confinment out >>>> of the equasion to get your relocatable code and dependencies working. >>>> Then, we can turn on confinement and figure out those issues to be able >>>> to publish in the stable channel. >>> >>> Yea, I probably should have started with devmode. Thanks for the advice >>> about >>> syslogs; I'll check it out and see what I can find. >> >> OK, so it looks like apparmor was indeed responsible. The loglines in >> question: >> >> Oct 30 17:50:50 computername kernel: [ 9532.992875] audit: type=1400 >> audit(1477846250.853:43): apparmor="DENIED" operation="link" >> profile="snap.dub.dub" >> name="/home/username/code/D/dgraph/build/dgraph_graphtest" pid=22464 >> comm="dub" requested_mask="l" denied_mask="l" fsuid=1000 ouid=1000 >> target="/home/username/code/D/dgraph/.dub/build/application-debug-linux.posix-x86_64-ldc_0-B7AFC7F4AA486AA98C5445F91F5653DB/dgraph_graphtest" >> Oct 30 17:50:50 computername kernel: [ 9533.035303] audit: type=1326 >> audit(1477846250.897:44): auid=4294967295 uid=1000 gid=1000 ses=4294967295 >> pid=22464 comm="dub" exe="/snap/dub/x1/bin/dub" sig=31 arch=c000003e >> syscall=92 compat=0 ip=0x7f9b72d13717 code=0x0 >> >> I'm not experienced with apparmor, so could someone explain exactly what >> this means? (I get the general idea, but the specifics would be useful to >> understand precisely.) > > If this is x86_64, everything is aligned with the world, syscall 92 is chown. > A useful tool here can help you out, and luckily there is one, run `snap > install snappy-debug` and it will do some nice things to figure out what is > going on wth these apparmor and seccomp blockers. > >> >> In particular, is there an obvious reason why this might be showing up with >> the dub snap, when the earlier ldc2 snap didn't have this problem? I would >> guess because the ldc2 instance used by the snap-packaged dub is internal to >> the snap and does not benefit from the home-directory interface that dub >> itself gets? > It seems to be just a dub problem. > >> >> Setting the containment to devmode removes the problem, but it would be nice >> to be able to have strict confinement earlier rather than later. >> > If this is the problem and you can patch the software then removing the chown > could work, I am CCing Jamie for other ideas that could come up. > > -- > Snapcraft mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/snapcraft -- Snapcraft mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
