Public bug reported:

This issue aims to be the follow-up of
https://github.com/roddhjav/apparmor.d/issues/693

I think that snapd needs to include AppArmor profiles for the main
binaries and lib on top of handling profiles for snap-managed apps. While
working on apparmor.d I have made a first working "draft" of these
profiles and I would like to discuss the integration of these profiles
here.

You can see the full profiles here:
https://github.com/roddhjav/apparmor.d/tree/main/apparmor.d/groups/snap

The current snap profiles will work for all common operations (install,
start, remove...). They have tests for this (see
[tests/integration/snap.bats](https://github.com/roddhjav/apparmor.d/blob/main/tests/integration/snap.bats)).
However, they have not been tested yet for more advanced tasks
(including special Ubuntu One capabilities).

Therefore, it is obvious that they can't get merged directly as is, and that
some feedback from the snapd team is going to be required.

Regarding more technical details:
- They have been tested on Ubuntu 22.04, 24.04 and 24.10
- The profiles use a lot of resources developed in the apparmor.d project
([abstractions](https://apparmor.pujol.io/development/abstractions/) &
[tunables](https://apparmor.pujol.io/variables/), the [dbus
architecture](https://apparmor.pujol.io/development/dbus/), some
[directives](https://apparmor.pujol.io/development/directives/)).

** Affects: snapd (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2103959

Title:
  Add apparmor profiles for snap

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/2103959/+subscriptions


-- 
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
