App denied access to /lib and crashes
Pawel Stolowski
pawel.stolowski at canonical.com
Tue Jun 28 08:44:11 UTC 2016
Hi,
I've been trying to create a snap package for Scid-vs-PC (and old-style
TCL/TK based app) but have only been able to get it working in devmode.
In the strict mode it crashes in libtk8.6.so and the segfault appears
right after a denied access to read "/lib", in dmesg which makes me
think that tcl/tk doesn't handle such (unexpected) scenario very well.
When running in the devmode I get:
[ 4039.752903] audit: type=1400 audit(1467102032.459:56):
apparmor="ALLOWED" operation="open" profile="snap.scid-vs-pc.scidvspc"
name="/lib/" pid=18523 comm="tkscid" requested_mask="r" denied_mask="r"
fsuid=1000 ouid=0
(and the app runs fine).
I suspect that just making "/lib" readable to my snap would make that
app happy, so a couple of questions:
- can I somehow expose "/lib" in read-only mode to my snap under
"strict" confinement?
- or can I somehow simulate the presence of "/lib" (and let it be empty)?
Cheers,
Pawel
More information about the Snapcraft
mailing list