** Description changed:
Tested with and without devmode:
foo snap is using:
plugs: [camera]
opening /dev/video0
snap install foo_1.0.snap
-> Access to /dev/video0 is given in x1
snap install foo_2.0.snap
-> Access to /dev/video0 is still given in x2 (same if reinstalling 1.0 as x2)
snap revert foo
-> Error, /dev/video0 isn't granted anymore in syslog (apparmor denial)
Previous access should still be granted after a revert. Also, it should
restore if a snap was installed to devmode, reverting it to devmode.
-
-------
-
- I tried as well to reload the service profile (installed in devmode) after
the revert:
-
+ I tried as well to reload the service profile (installed in devmode)
+ after the revert:
Sep 6 12:36:33 tidus kernel: [17346.954285] audit: type=1400
audit(1473158193.260:3432): apparmor="STATUS"
- operation="profile_replace" profile="unconfined"
name="snap.face-detection.service" pid=25891
- comm="apparmor_parser"
+ operation="profile_replace" profile="unconfined"
name="snap.face-detection.service" pid=25891
+ comm="apparmor_parser"
<restarting the service>
But I'm still getting apparmor denials:
-
+
Sep 6 12:36:54 tidus kernel: [17368.030680] audit: type=1400
audit(1473158214.336:3433): apparmor="DENIED"
- operation="open" profile="snap.face-detection.service"
name="/sys/bus/usb/devices/" pid=25900
- comm="face-detection-" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
- (and others like /dev/video0…)
+ operation="open" profile="snap.face-detection.service"
name="/sys/bus/usb/devices/" pid=25900
+ comm="face-detection-" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
+ (and others like /dev/video0…)
+ -----
+
+ Here is a set of install (all with --devmode for this run):
+ 121 Done 2016-09-06T10:24:46Z 2016-09-06T10:24:47Z Install
"face-detection" snap from file "face-detection_1.0_amd64.snap"
+ 122 Done 2016-09-06T10:33:16Z 2016-09-06T10:33:18Z Install
"face-detection" snap from file "face-detection_1.0_amd64.snap"
+ 123 Done 2016-09-06T10:33:31Z 2016-09-06T10:33:33Z Install
"face-detection" snap from file "face-detection_2.0alpha1_amd64.snap"
+ 124 Done 2016-09-06T10:33:56Z 2016-09-06T10:33:58Z Revert
"face-detection" snap
+ $ snap change 121
+ Status Spawn Ready Summary
+ Done 2016-09-06T10:24:46Z 2016-09-06T10:24:46Z Prepare snap
"/tmp/snapd-sideload-pkg-901288151" (unset)
+ Done 2016-09-06T10:24:46Z 2016-09-06T10:24:46Z Mount snap
"face-detection" (unset)
+ Done 2016-09-06T10:24:46Z 2016-09-06T10:24:46Z Copy snap
"face-detection" data
+ Done 2016-09-06T10:24:46Z 2016-09-06T10:24:47Z Setup snap
"face-detection" (unset) security profiles
+ Done 2016-09-06T10:24:46Z 2016-09-06T10:24:47Z Make snap
"face-detection" (unset) available to the system
+
+ $ snap change 122
+ Status Spawn Ready Summary
+ Done 2016-09-06T10:33:16Z 2016-09-06T10:33:16Z Prepare snap
"/tmp/snapd-sideload-pkg-371020574" (unset)
+ Done 2016-09-06T10:33:16Z 2016-09-06T10:33:17Z Mount snap
"face-detection" (unset)
+ Done 2016-09-06T10:33:16Z 2016-09-06T10:33:17Z Make current revision for
snap "face-detection" unavailable
+ Done 2016-09-06T10:33:16Z 2016-09-06T10:33:18Z Copy snap
"face-detection" data
+ Done 2016-09-06T10:33:16Z 2016-09-06T10:33:18Z Setup snap
"face-detection" (unset) security profiles
+ Done 2016-09-06T10:33:16Z 2016-09-06T10:33:18Z Make snap
"face-detection" (unset) available to the system
+
+
+ $ snap change 123
+ Status Spawn Ready Summary
+ Done 2016-09-06T10:33:31Z 2016-09-06T10:33:31Z Prepare snap
"/tmp/snapd-sideload-pkg-836621545" (unset)
+ Done 2016-09-06T10:33:31Z 2016-09-06T10:33:32Z Mount snap
"face-detection" (unset)
+ Done 2016-09-06T10:33:31Z 2016-09-06T10:33:33Z Make current revision for
snap "face-detection" unavailable
+ Done 2016-09-06T10:33:31Z 2016-09-06T10:33:33Z Copy snap
"face-detection" data
+ Done 2016-09-06T10:33:31Z 2016-09-06T10:33:33Z Setup snap
"face-detection" (unset) security profiles
+ Done 2016-09-06T10:33:31Z 2016-09-06T10:33:33Z Make snap
"face-detection" (unset) available to the system
+
+ $ snap change 124
+ Status Spawn Ready Summary
+ Done 2016-09-06T10:33:56Z 2016-09-06T10:33:56Z Prepare snap "" (x2)
+ Done 2016-09-06T10:33:56Z 2016-09-06T10:33:57Z Make current revision for
snap "face-detection" unavailable
+ Done 2016-09-06T10:33:56Z 2016-09-06T10:33:57Z Setup snap
"face-detection" (x2) security profiles
+ Done 2016-09-06T10:33:56Z 2016-09-06T10:33:58Z Make snap
"face-detection" (x2) available to the system
---------
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: snapd 2.13
ProcVersionSignature: Ubuntu 4.4.0-36.55-generic 4.4.16
Uname: Linux 4.4.0-36-generic x86_64
NonfreeKernelModules: zfs zunicode zcommon znvpair zavl
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: Unity
Date: Tue Sep 6 12:27:33 2016
InstallationDate: Installed on 2012-05-28 (1561 days ago)
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64
(20120425)
SourcePackage: snapd
UpgradeStatus: Upgraded to xenial on 2014-10-31 (675 days ago)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1620560
Title:
Revert command doesn't reset the right apparmor profile
To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1620560/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
