Public bug reported: After the automatic upgrade from lxd's snap from 3.20 to 3.21, those denials appeared:
audit: type=1400 audit(1581974677.106:144): apparmor="DENIED" operation="open" profile="snap.lxd.hook.configure" name="/var/lib/snapd/hostfs/usr/lib/os-release" pid=13303 comm="snap-exec" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 audit: type=1400 audit(1581974677.390:145): apparmor="DENIED" operation="open" profile="snap.lxd.hook.configure" name="/var/lib/snapd/hostfs/usr/lib/os-release" pid=13321 comm="snapctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 The snapctl one was repeated a couple of times, presumably as it was retried. After looking at historical data, this seems to happen every time lxd's snap is updated. Note: this problem was initially reported to lxd upstream (https://github.com/lxc/lxd/issues/6891) before being redirected here. Additional information: $ lsb_release -rd Description: Ubuntu 18.04.4 LTS Release: 18.04 $ apt-cache policy snapd snapd: Installed: 2.42.1+18.04 Candidate: 2.42.1+18.04 Version table: *** 2.42.1+18.04 500 500 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages 100 /var/lib/dpkg/status 2.37.4+18.04.1 500 500 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages 2.32.5+18.04 500 500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages $ snap list Name Version Rev Tracking Publisher Notes core 16-2.43.2 8592 stable canonical✓ core lxd 3.21 13390 stable canonical✓ - $ snap info core name: core summary: snapd runtime environment publisher: Canonical✓ store-url: https://snapcraft.io/core contact: [email protected] license: unset description: | The core runtime environment for snapd type: core snap-id: 99T7MUlRhtI3U0QFgl5mXXESAiSwt776 tracking: latest/stable refresh-date: 7 days ago, at 15:51 EST channels: stable: 16-2.43.2 2020-02-11 (8592) 95MB - candidate: 16-2.43.3 2020-02-13 (8689) 95MB - beta: 16-2.43.3 2020-02-12 (8689) 95MB - edge: 16-2.43.3+git1659.8fa09ac 2020-02-18 (8716) 96MB - installed: 16-2.43.2 (8592) 95MB core ** Affects: snapd (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1863772 Title: apparmor missing read permission for /var/lib/snapd/hostfs/usr/lib/os- release To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1863772/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
