daemon launches another shell

Roberto Mier Escandón  roberto.escandon at canonical.com
Fri Feb 3 10:24:51 UTC 2017


Hey,

Does anybody knows if openning a new shell from a daemon startup script
will be allowed in confined mode?. The case is this: the daemon starts
as root and tries to execute certain script as another user

su otheruser --shell=/bin/sh -c "$SNAP/bin/thescript"

in devmode, apparmor is giving me some ALLOWED traces that i'm not
confident will be allowed when confined...

Cheers.




More information about the Snapcraft mailing list