** Description changed:
+ snapd version is 2.14.1 (from xenial-proposed).
+
The firewall-control plug is successfully established, however 'ufw
enable' and 'ufw status' give errors:
pawel@ubuntu:~$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
ERROR: problem running ufw-init
iptables-restore v1.6.0: iptables-restore: unable to initialize table 'filter'
Error occurred at line: 1
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
iptables-restore v1.6.0: iptables-restore: unable to initialize table 'filter'
Error occurred at line: 1
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
iptables-restore v1.6.0: iptables-restore: unable to initialize table 'filter'
Error occurred at line: 1
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
iptables-restore v1.6.0: iptables-restore: unable to initialize table 'filter'
Error occurred at line: 1
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
iptables-restore v1.6.0: iptables-restore: unable to initialize table 'filter'
Error occurred at line: 1
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
iptables-restore v1.6.0: iptables-restore: unable to initialize table 'filter'
Error occurred at line: 12
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
iptables-restore v1.6.0: iptables-restore: unable to initialize table 'filter'
Error occurred at line: 12
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
iptables-restore v1.6.0: iptables-restore: unable to initialize table 'filter'
Error occurred at line: 1
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
iptables-restore v1.6.0: iptables-restore: unable to initialize table 'filter'
Error occurred at line: 1
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
iptables-restore v1.6.0: iptables-restore: unable to initialize table 'filter'
Error occurred at line: 1
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Problem loading ipv6 (skipping)
Problem running '/var/snap/ufw/2//etc/ufw/before.rules'
Problem running '/var/snap/ufw/2//etc/ufw/after.rules'
Problem running '/var/snap/ufw/2//etc/ufw/user.rules'
pawel@ubuntu:~$ sudo ufw status
ERROR: problem running iptables: iptables v1.6.0: can't initialize iptables
table `filter': Permission denied
Perhaps iptables or your kernel needs to be upgraded.
The contents of dmesg:
[ 113.537319] audit: type=1400 audit(1472629348.002:54): apparmor="DENIED"
operation="exec" profile="snap.ufw.ufw" name="/sbin/xtables-multi" pid=3443
comm="cli" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
[ 122.808133] audit: type=1400 audit(1472629357.279:55): apparmor="STATUS"
operation="profile_replace" profile="unconfined" name="snap.ufw.doc" pid=3460
comm="apparmor_parser"
[ 122.871312] audit: type=1400 audit(1472629357.347:56): apparmor="STATUS"
operation="profile_replace" profile="unconfined" name="snap.ufw.init" pid=3462
comm="apparmor_parser"
[ 122.935780] audit: type=1400 audit(1472629357.407:57): apparmor="STATUS"
operation="profile_replace" profile="unconfined" name="snap.ufw.srv" pid=3464
comm="apparmor_parser"
[ 122.995141] audit: type=1400 audit(1472629357.467:58): apparmor="STATUS"
operation="profile_replace" profile="unconfined" name="snap.ufw.ufw" pid=3466
comm="apparmor_parser"
[ 141.986084] audit: type=1400 audit(1472629376.469:59): apparmor="DENIED"
operation="ptrace" profile="snap.ufw.ufw" pid=3486 comm="python3"
requested_mask="trace" denied_mask="trace" peer="snap.ufw.ufw"
[ 141.986234] audit: type=1400 audit(1472629376.469:60): apparmor="DENIED"
operation="ptrace" profile="snap.ufw.ufw" pid=3486 comm="python3"
requested_mask="trace" denied_mask="trace" peer="snap.ufw.ufw"
[ 145.739685] audit: type=1400 audit(1472629380.223:61): apparmor="DENIED"
operation="exec" profile="snap.ufw.ufw" name="/bin/kmod" pid=3491
comm="iptables" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
[ 145.744045] audit: type=1400 audit(1472629380.231:62): apparmor="DENIED"
operation="exec" profile="snap.ufw.ufw" name="/bin/kmod" pid=3493
comm="ip6tables" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
[ 145.747778] audit: type=1400 audit(1472629380.235:63): apparmor="DENIED"
operation="exec" profile="snap.ufw.ufw" name="/bin/kmod" pid=3496
comm="iptables-restor" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
[ 145.751338] audit: type=1400 audit(1472629380.235:64): apparmor="DENIED"
operation="exec" profile="snap.ufw.ufw" name="/bin/kmod" pid=3498
comm="iptables" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
[ 145.754957] audit: type=1400 audit(1472629380.243:65): apparmor="DENIED"
operation="exec" profile="snap.ufw.ufw" name="/bin/kmod" pid=3501
comm="iptables-restor" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
[ 145.758856] audit: type=1400 audit(1472629380.243:66): apparmor="DENIED"
operation="exec" profile="snap.ufw.ufw" name="/bin/kmod" pid=3504
comm="iptables-restor" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
[ 145.762293] audit: type=1400 audit(1472629380.251:67): apparmor="DENIED"
operation="exec" profile="snap.ufw.ufw" name="/bin/kmod" pid=3506
comm="iptables" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
[ 145.766808] audit: type=1400 audit(1472629380.255:68): apparmor="DENIED"
operation="exec" profile="snap.ufw.ufw" name="/bin/kmod" pid=3509
comm="iptables-restor" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
[ 192.950798] audit_printk_skb: 24 callbacks suppressed
[ 192.950800] audit: type=1400 audit(1472629427.462:77): apparmor="DENIED"
operation="exec" profile="snap.ufw.ufw" name="/bin/kmod" pid=3566
comm="iptables" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
** Changed in: snapd (Ubuntu)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
https://bugs.launchpad.net/bugs/1618737
Title:
firewall-control doesn't grant all the required permissions for ufw to
work
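A triage helper for output like the dmesg listing above: it re-joins the mail-wrapped audit records and groups the apparmor="DENIED" entries by profile, operation, target and mask, which shows at a glance what the confined commands were refused. This is an added example, not part of the bug report or of snapd/ufw; the function names are hypothetical and the sample records are excerpted from the report.

```python
import re
from collections import defaultdict

# Excerpt of the dmesg output in the report, wrapped as in the e-mail.
SAMPLE = """\
[ 122.808133] audit: type=1400 audit(1472629357.279:55): apparmor="STATUS"
operation="profile_replace" profile="unconfined" name="snap.ufw.doc" pid=3460
comm="apparmor_parser"
[ 141.986084] audit: type=1400 audit(1472629376.469:59): apparmor="DENIED"
operation="ptrace" profile="snap.ufw.ufw" pid=3486 comm="python3"
requested_mask="trace" denied_mask="trace" peer="snap.ufw.ufw"
[ 145.739685] audit: type=1400 audit(1472629380.223:61): apparmor="DENIED"
operation="exec" profile="snap.ufw.ufw" name="/bin/kmod" pid=3491
comm="iptables" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
[ 145.744045] audit: type=1400 audit(1472629380.231:62): apparmor="DENIED"
operation="exec" profile="snap.ufw.ufw" name="/bin/kmod" pid=3493
comm="ip6tables" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
"""

RECORD_START = re.compile(r"^\[\s*\d+\.\d+\]")       # kernel timestamp
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')     # key="quoted" or key=bare

def join_records(text):
    """Undo mail wrapping: a new record starts with a [timestamp]."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def summarize_denials(text):
    """Group apparmor="DENIED" records by what was refused."""
    summary = defaultdict(lambda: {"count": 0, "comm": set()})
    for record in join_records(text):
        f = {k: q or b for k, q, b in FIELD.findall(record)}
        if f.get("apparmor") != "DENIED":
            continue  # skip STATUS records such as profile_replace
        # exec/file denials carry name=, ptrace denials carry peer=
        target = f.get("name") or f.get("peer", "?")
        key = (f["profile"], f["operation"], target, f["denied_mask"])
        summary[key]["count"] += 1
        summary[key]["comm"].add(f.get("comm", "?"))
    return dict(summary)

if __name__ == "__main__":
    for key, info in summarize_denials(SAMPLE).items():
        print(info["count"], key, sorted(info["comm"]))
```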