Just as a quick info - to get things working with non-default home
directory locations, edit /etc/apparmor.d/tunables/home (or add a file
to /etc/apparmor.d/tunables/home.d/) and add your custom path
("/data/home/") to the @{HOMEDIRS} variable.

I'm not sure why read access to /data/ was requested (do you have
something besides the home directory in /data/ that could be needed by
snap or skype?) and if it is really needed, therefore I'd recommend to
re-check if this denial still happens after adjusting @{HOMEDIRS}.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1758449

Title:
  skype snap does not work when home directory is not located in /home

Status in apparmor package in Ubuntu:
  New

Bug description:
  Hi

  similar to this bug around libreoffice
  (https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1751005),
  apparmor makes the skype snap not work without any information except
  this:

  cannot create user data directory: /data/home/georges/snap/skype/23: Permission denied

  despite the directory being writeable.

  It would really be advisable to make apparmor specific errors, else
  end-users will never determine where the error comes from.

  The error is here:
  Mar 23 22:35:08 breeze kernel: [6580445.024083] audit: type=1400 audit(1521840908.018:6807): apparmor="DENIED" operation="open" profile="/snap/core/4206/usr/lib/snapd/snap-confine" name="/data/" pid=7213 comm="snap-confine" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0

  I tried to remove the problem like this:
  sudo apparmor_parser -R /etc/apparmor.d/snap.core.4206.usr.lib.snapd.snap-confine

  Which gives a new issue
  $ skype
  snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks

  ProblemType: Bug
  DistroRelease: Ubuntu 17.10
  Package: apparmor 2.11.0-2ubuntu17
  ProcVersionSignature: Ubuntu 4.10.0-42.46-generic 4.10.17
  Uname: Linux 4.10.0-42-generic x86_64
  ApportVersion: 2.20.7-0ubuntu3.7
  Architecture: amd64
  CurrentDesktop: XFCE
  Date: Fri Mar 23 22:38:16 2018
  InstallationDate: Installed on 2017-09-20 (184 days ago)
  InstallationMedia: Xubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412)
  JournalErrors:
   Error: command ['journalctl', '-b', '--priority=warning', '--lines=1000'] failed with exit code 1: Hint: You are currently not seeing messages from other users and the system.
         Users in the 'systemd-journal' group can see all messages. Pass -q to
         turn off this notice.
   No journal files were opened due to insufficient permissions.
  ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-4.10.0-42-generic.efi.signed root=/dev/mapper/xubuntu--vg-root ro quiet splash vt.handoff=7
  SourcePackage: apparmor
  UpgradeStatus: Upgraded to artful on 2018-01-31 (50 days ago)
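
Added example, not part of the bug report or of AppArmor's own tooling: a shell check for the @{HOMEDIRS} adjustment suggested in the comment at the top, run against the home directory and denial record from the bug description. It assumes paths without spaces and the two assignments a stock tunables/home carries; the function names and the file name custom-homedirs are hypothetical.

```shell
#!/bin/sh
# Added example (not from the bug report). Assumes paths without spaces.

# Print the directories assigned to @{HOMEDIRS} ("=" or "+=") in tunables
# text read from the named files, or from stdin when none are given.
homedirs_in() {
    sed -n -e 's/#.*$//' \
        -e 's/^[[:space:]]*@{HOMEDIRS}[[:space:]]*+\{0,1\}=[[:space:]]*//p' "$@" |
        tr -s '[:space:]' '\n' | sed '/^$/d'
}

# Succeed if HOME_DIR ($1) is a direct child of one of the directories that
# follow it, which is what @{HOME}=@{HOMEDIRS}/*/ requires.
home_is_covered() {
    home_dir=${1%/}; shift
    for d in "$@"; do
        [ "${d%/}/" = "${home_dir%/*}/" ] && return 0
    done
    return 1
}

# Print the tunables line that adds HOME_DIR's parent to @{HOMEDIRS}.
homedirs_line_for() {
    home_dir=${1%/}
    printf '@{HOMEDIRS}+=%s/\n' "${home_dir%/*}"
}

# Extract the value of key="value" ($1 = key) from an audit record on stdin.
audit_field() {
    sed -n "s/.* $1=\"\([^\"]*\)\".*/\1/p"
}

# Constructed input: the assignments assumed for a stock tunables/home,
# plus the home directory and denial record quoted in the bug description.
stock='@{HOME}=@{HOMEDIRS}/*/ /root/
@{HOMEDIRS}=/home/'
user_home=/data/home/georges
record='audit: type=1400 audit(1521840908.018:6807): apparmor="DENIED" operation="open" profile="/snap/core/4206/usr/lib/snapd/snap-confine" name="/data/" pid=7213 comm="snap-confine" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0'

echo "denied: $(echo "$record" | audit_field name) for profile $(echo "$record" | audit_field profile)"
if home_is_covered "$user_home" $(echo "$stock" | homedirs_in); then
    echo "$user_home is covered by @{HOMEDIRS}"
else
    # "custom-homedirs" is a hypothetical file name.
    echo "add to /etc/apparmor.d/tunables/home.d/custom-homedirs:"
    homedirs_line_for "$user_home"
fi
# Then reload the affected profile so it picks up the new value:
#   sudo apparmor_parser -r /etc/apparmor.d/snap.core.4206.usr.lib.snapd.snap-confine
```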
