Verification on Noble
=====================

Verification was done with the help of:
- a just script: https://paste.ubuntu.com/p/5M6q7nRfjV/
- otel configuration: https://paste.ubuntu.com/p/5M6q7nRfjV/

1. Reproduce with snapd deb < 2.71

- Followed the steps in the justfile
- Inspected the audit log
- Then:

```
multipass exec snapd-test -- snap version
snap 2.71
snapd 2.68.5+ubuntu24.04.1
series 16
ubuntu 24.04
kernel 6.8.0-71-generic

multipass exec snapd-test -- sudo dmesg | grep "dac_read_search"
[62806.157118] audit: type=1400 audit(1759306232.070:221): apparmor="DENIED" operation="capable" class="cap" profile="snap.opentelemetry-collector.opentelemetry-collector" pid=16015 comm="otelcol" capability=2 capname="dac_read_search"
```

2. Prove fix with snapd deb 2.71

- Followed the steps in the justfile
- Inspected the audit log
- Downgrade snapd to < 2.71
- Then:

```
multipass exec snapd-test -- snap version
snap 2.71+ubuntu24.04
snapd 2.71+ubuntu24.04
series 16
ubuntu 24.04
kernel 6.8.0-84-generic

multipass exec snapd-test -- sudo dmesg | grep "dac_read_search"
<--- no denial
```

--
https://bugs.launchpad.net/bugs/2098780

Title:
  Add dac_read_search capabilities to the log-observe interface
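
The `dmesg | grep` check used in both steps, written as an added example that is not part of the original comment or of snapd's own tooling: it parses AppArmor audit records and returns only capability denials for one profile, so an unrelated line that merely mentions the capability does not count as a hit. The function names and the second and third sample lines are constructed for illustration; the first sample line is the denial quoted in the comment.

```python
import re
import shlex

# Constructed sample: line 1 is the denial quoted in the comment; lines 2-3
# are made-up records (a file denial and an ALLOWED capability) for contrast.
SAMPLE_DMESG = '''\
[62806.157118] audit: type=1400 audit(1759306232.070:221): apparmor="DENIED" operation="capable" class="cap" profile="snap.opentelemetry-collector.opentelemetry-collector" pid=16015 comm="otelcol" capability=2 capname="dac_read_search"
[62807.000001] audit: type=1400 audit(1759306233.000:222): apparmor="DENIED" operation="open" class="file" profile="snap.example.app" name="/etc/shadow" pid=16100 comm="example" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[62808.000002] audit: type=1400 audit(1759306234.000:223): apparmor="ALLOWED" operation="capable" class="cap" profile="snap.example.app" pid=16101 comm="example" capability=2 capname="dac_read_search"
'''

# AppArmor messages are audit type 1400: "audit(<epoch>:<serial>): key=value ..."
AUDIT_RE = re.compile(
    r'audit: type=1400 audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): (?P<body>.*)$')


def parse_apparmor_record(line):
    """Return the key=value fields of one AppArmor audit line, or None."""
    m = AUDIT_RE.search(line)
    if not m:
        return None
    try:
        tokens = shlex.split(m.group('body'))  # strips the double quotes
    except ValueError:  # unbalanced quote in a truncated line
        return None
    fields = dict(t.split('=', 1) for t in tokens if '=' in t)
    fields['audit_ts'] = m.group('ts')
    fields['audit_serial'] = m.group('serial')
    return fields


def capability_denials(dmesg_text, profile, capname):
    """List DENIED 'capable' records for the given profile and capability."""
    hits = []
    for line in dmesg_text.splitlines():
        rec = parse_apparmor_record(line)
        if (rec and rec.get('apparmor') == 'DENIED'
                and rec.get('operation') == 'capable'
                and rec.get('profile') == profile
                and rec.get('capname') == capname):
            hits.append(rec)
    return hits


if __name__ == '__main__':
    otel = 'snap.opentelemetry-collector.opentelemetry-collector'
    for rec in capability_denials(SAMPLE_DMESG, otel, 'dac_read_search'):
        print(rec['audit_serial'], rec['comm'], rec['capname'])
```

An empty result corresponds to the "no denial" outcome of step 2; a non-empty one corresponds to step 1.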
