Public bug reported:
As of yesterday, launching gui-enabled snaps reliably triggers apparmor
denials communicating with nvidia drivers.
$ lsb_release -a
Distributor ID: Ubuntu
Description: Ubuntu Focal Fossa (development branch)
Release: 20.04
Codename: focal
$ snap version
snap 2.43.2
snapd 2.43.2
series 16
ubuntu 20.04
kernel 5.4.0-12-generic
The denials look like the following:
Feb 11 02:27:47 utumno audit[855860]: AVC apparmor="DENIED" operation="sendmsg"
profile="snap.simplenote.simplenote" pid=855860 comm="simplenote" family="unix"
sock_type="dgram" protocol=0 requested_mask="send" denied_mask="send" addr=none
peer_addr="@7661722F72756E2F6E76696469612D786472697665722D66383137376439660000000000000000000000000000000000000000000000000000000000000000"
peer="unconfined"
Feb 11 02:27:47 utumno audit[855860]: AVC apparmor="DENIED" operation="sendmsg"
profile="snap.simplenote.simplenote" name="/run/nvidia-xdriver-f8177d9f"
pid=855860 comm="simplenote" requested_mask="w" denied_mask="w" fsuid=1000
ouid=0
Feb 11 02:27:47 utumno kernel: audit: type=1400 audit(1581406067.880:2542):
apparmor="DENIED" operation="sendmsg" profile="snap.simplenote.simplenote"
pid=855860 comm="simplenote" family="unix" sock_type="dgram" protocol=0
requested_mask="send" denied_mask="send" addr=none
peer_addr="@7661722F72756E2F6E76696469612D786472697665722D66383137376439660000000000000000000000000000000000000000000000000000000000000000"
peer="unconfined"
Feb 11 02:27:47 utumno kernel: audit: type=1400 audit(1581406067.880:2543):
apparmor="DENIED" operation="sendmsg" profile="snap.simplenote.simplenote"
name="/run/nvidia-xdriver-f8177d9f" pid=855860 comm="simplenote"
requested_mask="w" denied_mask="w" fsuid=1000 ouid=0
Feb 10 19:31:58 utumno audit[484729]: AVC apparmor="DENIED" operation="sendmsg"
profile="snap.pomotroid.pomotroid" pid=484729 comm="pomotroid" family="unix"
sock_type="dgram" protocol=0 requested_mask="send" denied_mask="send" addr=none
peer_addr="@7661722F72756E2F6E76696469612D786472697665722D66383137376439660000000000000000000000000000000000000000000000000000000000000000"
peer="unconfined"
Feb 10 19:31:58 utumno audit[484729]: AVC apparmor="DENIED" operation="sendmsg"
profile="snap.pomotroid.pomotroid" name="/run/nvidia-xdriver-f8177d9f"
pid=484729 comm="pomotroid" requested_mask="w" denied_mask="w" fsuid=1000 ouid=0
Feb 10 19:31:58 utumno kernel: audit: type=1400 audit(1581381118.124:340):
apparmor="DENIED" operation="sendmsg" profile="snap.pomotroid.pomotroid"
pid=484729 comm="pomotroid" family="unix" sock_type="dgram" protocol=0
requested_mask="send" denied_mask="send" addr=none
peer_addr="@7661722F72756E2F6E76696469612D786472697665722D66383137376439660000000000000000000000000000000000000000000000000000000000000000"
peer="unconfined"
Feb 10 19:31:58 utumno kernel: audit: type=1400 audit(1581381118.124:341):
apparmor="DENIED" operation="sendmsg" profile="snap.pomotroid.pomotroid"
name="/run/nvidia-xdriver-f8177d9f" pid=484729 comm="pomotroid"
requested_mask="w" denied_mask="w" fsuid=1000 ouid=0
Feb 11 13:08:13 utumno audit[1447768]: AVC apparmor="DENIED"
operation="sendmsg" profile="snap.pomotroid.pomotroid" pid=1447768
comm="pomotroid" family="unix" sock_type="dgram" protocol=0
requested_mask="send" denied_mask="send" addr=none
peer_addr="@7661722F72756E2F6E76696469612D786472697665722D66383137376439660000000000000000000000000000000000000000000000000000000000000000"
peer="unconfined"
Feb 11 13:08:13 utumno kernel: audit: type=1400 audit(1581444493.290:9448):
apparmor="DENIED" operation="sendmsg" profile="snap.pomotroid.pomotroid"
pid=1447768 comm="pomotroid" family="unix" sock_type="dgram" protocol=0
requested_mask="send" denied_mask="send" addr=none
peer_addr="@7661722F72756E2F6E76696469612D786472697665722D66383137376439660000000000000000000000000000000000000000000000000000000000000000"
peer="unconfined"
Feb 11 13:08:13 utumno kernel: audit: type=1400 audit(1581444493.290:9449):
apparmor="DENIED" operation="sendmsg" profile="snap.pomotroid.pomotroid"
name="/run/nvidia-xdriver-f8177d9f" pid=1447768 comm="pomotroid"
requested_mask="w" denied_mask="w" fsuid=1000 ouid=0
Feb 11 13:08:13 utumno audit[1447768]: AVC apparmor="DENIED"
operation="sendmsg" profile="snap.pomotroid.pomotroid"
name="/run/nvidia-xdriver-f8177d9f" pid=1447768 comm="pomotroid"
requested_mask="w" denied_mask="w" fsuid=1000 ouid=0
Feb 11 13:59:41 utumno audit[1505247]: AVC apparmor="DENIED"
operation="sendmsg" profile="snap.pomotroid.pomotroid" pid=1505247
comm="pomotroid" family="unix" sock_type="dgram" protocol=0
requested_mask="send" denied_mask="send" addr=none
peer_addr="@7661722F72756E2F6E76696469612D786472697665722D66383137376439660000000000000000000000000000000000000000000000000000000000000000"
peer="unconfined"
Feb 11 13:59:41 utumno audit[1505247]: AVC apparmor="DENIED"
operation="sendmsg" profile="snap.pomotroid.pomotroid"
name="/run/nvidia-xdriver-f8177d9f" pid=1505247 comm="pomotroid"
requested_mask="w" denied_mask="w" fsuid=1000 ouid=0
Feb 11 13:59:41 utumno kernel: audit: type=1400 audit(1581447581.792:10272):
apparmor="DENIED" operation="sendmsg" profile="snap.pomotroid.pomotroid"
pid=1505247 comm="pomotroid" family="unix" sock_type="dgram" protocol=0
requested_mask="send" denied_mask="send" addr=none
peer_addr="@7661722F72756E2F6E76696469612D786472697665722D66383137376439660000000000000000000000000000000000000000000000000000000000000000"
peer="unconfined"
Feb 11 13:59:41 utumno kernel: audit: type=1400 audit(1581447581.792:10273):
apparmor="DENIED" operation="sendmsg" profile="snap.pomotroid.pomotroid"
name="/run/nvidia-xdriver-f8177d9f" pid=1505247 comm="pomotroid"
requested_mask="w" denied_mask="w" fsuid=1000 ouid=0
** Affects: snapd
Importance: Medium
Status: Triaged
** Affects: snapd (Ubuntu)
Importance: Medium
Status: Triaged
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1862832
Title:
Latest snapd triggers apparmor denials on 'sendmsg' name=/run/nvidia-
xdriver-xxxx
To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1862832/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
