[Bug 1620560] [NEW] Revert command doesn't reset the right apparmor profile

Didier Roche Tue, 06 Sep 2016 03:41:46 -0700

Public bug reported:

Tested with and without devmode:


foo snap is using:
    plugs: [camera]
opening /dev/video0

snap install foo_1.0.snap
-> Access to /dev/video0 is given in x1
snap install foo_2.0.snap
-> Access to /dev/video0 is still given in x2 (same if reinstalling 1.0 as x2)
snap revert foo
-> Error, /dev/video0 isn't granted anymore in syslog (apparmor denial)

Previous access should still be granted after a revert. Also, it should
restore if a snap was installed to devmode, reverting it to devmode.


-------


I tried as well to reload the service profile (installed in devmode) after the 
revert:


Sep  6 12:36:33 tidus kernel: [17346.954285] audit: type=1400 
audit(1473158193.260:3432): apparmor="STATUS"
operation="profile_replace" profile="unconfined" 
name="snap.face-detection.service" pid=25891              
comm="apparmor_parser"                                                          
                           

<restarting the service>
But I'm still getting apparmor denials:
                                                                                
     
Sep  6 12:36:54 tidus kernel: [17368.030680] audit: type=1400 
audit(1473158214.336:3433): apparmor="DENIED"
operation="open" profile="snap.face-detection.service" 
name="/sys/bus/usb/devices/" pid=25900              
comm="face-detection-" requested_mask="r" denied_mask="r" fsuid=0 ouid=0        
                           
(and others like /dev/video0…)                                                  
                           



---------
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: snapd 2.13
ProcVersionSignature: Ubuntu 4.4.0-36.55-generic 4.4.16
Uname: Linux 4.4.0-36-generic x86_64
NonfreeKernelModules: zfs zunicode zcommon znvpair zavl
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: Unity
Date: Tue Sep  6 12:27:33 2016
InstallationDate: Installed on 2012-05-28 (1561 days ago)
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64 
(20120425)
SourcePackage: snapd
UpgradeStatus: Upgraded to xenial on 2014-10-31 (675 days ago)

** Affects: snappy
     Importance: Critical
     Assignee: Zygmunt Krynicki (zyga)
         Status: In Progress

** Affects: snapd (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug xenial

** Also affects: snappy
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1620560

Title:
  Revert command doesn't reset the right apparmor profile

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1620560/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1620560] [NEW] Revert command doesn't reset the right apparmor profile

Reply via email to