Verification on Plucky ====================== Verification was done with help of: - a just script: https://paste.ubuntu.com/p/5M6q7nRfjV/ - otel configuration: https://paste.ubuntu.com/p/5M6q7nRfjV/
1. Reproduce with snapd deb < 2.71 - Followed the steps in the justfile - Inspected the audit log - Then: ``` ubuntu@snapd-test:~$ snap version snap 2.71 snapd 2.68.5+ubuntu25.04.2 series 16 ubuntu 25.04 kernel 6.14.0-32-generic sudo dmesg | grep "dac_read_search" [ 1000.032359] audit: type=1400 audit(1759309677.748:230): apparmor="DENIED" operation="capable" class="cap" profile="snap.opentelemetry-collector.opentelemetry-collector" pid=3467 comm="otelcol" capability=2 capname="dac_read_search" [ 1019.719187] audit: type=1400 audit(1759309697.435:231): apparmor="DENIED" operation="capable" class="cap" profile="snap.opentelemetry-collector.opentelemetry-collector" pid=3467 comm="otelcol" capability=2 capname="dac_read_search" ``` 2. Prove fix with snapd deb 2.71 - Followed the steps in the justfile - Inspected the audit log - Downgrade snapd to < 2.71 - Then: ``` snap version snap 2.71+ubuntu25.04 snapd 2.71+ubuntu25.04 series 16 ubuntu 25.04 kernel 6.14.0-32-generic ubuntu@snapd-test:~$ sudo dmesg | grep "dac_read_search" <--- no denial ``` -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2098780 Title: Add dac_read_search capabilities to the log-observe interface To manage notifications about this bug go to: https://bugs.launchpad.net/snapd/+bug/2098780/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
