The denial is in the default template, not snap-confine
(profile="snap.mosquitto.subscribe"). I talked to the apparmor kernel
devs and this has to do with the new linux 4.8 kernel and not snap-
confine per se. This is a semantic change in the upstream kernel. Per
jjohansen, "the location of the mmap check in the binfmt_elf loader
changed, and along with it the cred that is used for the check".
The fix will need to be to default policy in snapd, not snap-confine.
** Also affects: snappy
Importance: Undecided
Status: New
** Changed in: snap-confine
Status: New => Invalid
** Changed in: snap-confine (Ubuntu)
Status: Confirmed => Invalid
** Also affects: snapd (Ubuntu)
Importance: Undecided
Status: New
** Changed in: snappy
Status: New => In Progress
** Changed in: snappy
Importance: Undecided => Critical
** Changed in: snappy
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
** Changed in: snapd (Ubuntu)
Status: New => Triaged
** Changed in: snapd (Ubuntu)
Importance: Undecided => Critical
** Changed in: snapd (Ubuntu)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1626121
Title:
snap-confine causes Segmentation fault
To manage notifications about this bug go to:
https://bugs.launchpad.net/snap-confine/+bug/1626121/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
