What is curious is that we apparently give this permission:
The denial says:
audit: type=1400 audit(1581974677.390:145): apparmor="DENIED"
operation="open" profile="snap.lxd.hook.configure"
name="/var/lib/snapd/hostfs/usr/lib/os-release" pid=13321 comm="snapctl"
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
But what is curious is that this is already provided by the lxd-support
interface:
# Allow discovering the os-release of the host
/var/lib/snapd/hostfs/{etc,usr/lib}/os-release r,
As we can see the denial is for the configure hook, perhaps it simply
runs without this permission.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1863772
Title:
apparmor missing read permission for /var/lib/snapd/hostfs/usr/lib/os-
release
To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1863772/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
