The denial is in the default template, not snap-confine
(profile="snap.mosquitto.subscribe"). I talked to the apparmor kernel
devs and this has to do with the new linux 4.8 kernel and not snap-
confine per se. This is a semantic change in the upstream kernel. Per
jjohansen, "the location of the mmap check in the binfmt_elf loader
changed, and along with it the cred that is used for the check".

The fix will need to be to default policy in snapd, not snap-confine.

** Also affects: snappy
   Importance: Undecided
       Status: New

** Changed in: snap-confine
       Status: New => Invalid

** Changed in: snap-confine (Ubuntu)
       Status: Confirmed => Invalid

** Also affects: snapd (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: snappy
       Status: New => In Progress

** Changed in: snappy
   Importance: Undecided => Critical

** Changed in: snappy
     Assignee: (unassigned) => Jamie Strandboge (jdstrand)

** Changed in: snapd (Ubuntu)
       Status: New => Triaged

** Changed in: snapd (Ubuntu)
   Importance: Undecided => Critical

** Changed in: snapd (Ubuntu)
     Assignee: (unassigned) => Jamie Strandboge (jdstrand)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1626121

Title:
  snap-confine causes Segmentation fault

To manage notifications about this bug go to:
https://bugs.launchpad.net/snap-confine/+bug/1626121/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to