[Bug 1620560] Re: Revert command doesn't reset the right apparmor profile

Didier Roche Tue, 06 Sep 2016 03:46:47 -0700

** Description changed:

  Tested with and without devmode:
  
  foo snap is using:
-     plugs: [camera]
+     plugs: [camera]
  opening /dev/video0
- 
  
  snap install foo_1.0.snap
  -> Access to /dev/video0 is given in x1
  snap install foo_2.0.snap
  -> Access to /dev/video0 is still given in x2 (same if reinstalling 1.0 as x2)
  snap revert foo
  -> Error, /dev/video0 isn't granted anymore in syslog (apparmor denial)
  
  Previous access should still be granted after a revert. Also, it should
  restore if a snap was installed to devmode, reverting it to devmode.
  
+ 
+ -------
+ 
+ 
+ I tried as well to reload the service profile (installed in devmode) after 
the revert:
+ 
+ 
+ Sep  6 12:36:33 tidus kernel: [17346.954285] audit: type=1400 
audit(1473158193.260:3432): apparmor="STATUS"
+ operation="profile_replace" profile="unconfined" 
name="snap.face-detection.service" pid=25891              
+ comm="apparmor_parser"                                                        
                             
+ 
+ <restarting the service>
+ But I'm still getting apparmor denials:
+                                                                               
       
+ Sep  6 12:36:54 tidus kernel: [17368.030680] audit: type=1400 
audit(1473158214.336:3433): apparmor="DENIED"
+ operation="open" profile="snap.face-detection.service" 
name="/sys/bus/usb/devices/" pid=25900              
+ comm="face-detection-" requested_mask="r" denied_mask="r" fsuid=0 ouid=0      
                             
+ (and others like /dev/video0…)                                                
                             
+ 
+ 
+ 
+ 
+ 
+ ---------
  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: snapd 2.13
  ProcVersionSignature: Ubuntu 4.4.0-36.55-generic 4.4.16
  Uname: Linux 4.4.0-36-generic x86_64
  NonfreeKernelModules: zfs zunicode zcommon znvpair zavl
  ApportVersion: 2.20.1-0ubuntu2.1
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Tue Sep  6 12:27:33 2016
  InstallationDate: Installed on 2012-05-28 (1561 days ago)
  InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64 
(20120425)
  SourcePackage: snapd
  UpgradeStatus: Upgraded to xenial on 2014-10-31 (675 days ago)


-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1620560

Title:
  Revert command doesn't reset the right apparmor profile

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1620560/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1620560] Re: Revert command doesn't reset the right apparmor profile

Reply via email to