App denied access to /lib and crashes

Pawel Stolowski pawel.stolowski at
Tue Jun 28 08:44:11 UTC 2016


I've been trying to create a snap package for Scid-vs-PC (and old-style 
TCL/TK based app) but have only been able to get it working in devmode.
In the strict mode it crashes in and the segfault appears 
right after a denied access to read "/lib", in dmesg which makes me 
think that tcl/tk doesn't handle such (unexpected) scenario very well.

When running in the devmode I get:
[ 4039.752903] audit: type=1400 audit(1467102032.459:56): 
apparmor="ALLOWED" operation="open" profile="snap.scid-vs-pc.scidvspc" 
name="/lib/" pid=18523 comm="tkscid" requested_mask="r" denied_mask="r" 
fsuid=1000 ouid=0
(and the app runs fine).

I suspect that just making "/lib" readable to my snap would make that 
app happy, so a couple of questions:
- can I somehow expose "/lib" in read-only mode to my snap under 
"strict" confinement?
- or can I somehow simulate the presence of "/lib" (and let it be empty)?


More information about the Snapcraft mailing list