service with shared libraries
jamie at canonical.com
Mon Apr 13 18:54:23 UTC 2015
On 04/13/2015 12:27 PM, Andrei Porumb wrote:
> Further investigation revealed that in the small script that attempts to start
> the service there cannot be just any command. For example, "ldd" cannot be there
> (if it is, there's going to be a DENIAL something like : Apr 12 19:53:10
> localhost.localdomain kernel: audit: type=1400 audit(1428868390.904:62):
> apparmor="DENIED" operation="exec" profile="simplesampleamqp_sum_44"
> name="/usr/bin/ldd" pid=2310 comm="sum.sh" requested_mask="x" denied_mask="x"
> fsuid=0 ouid=0). Echo is fine to be in the script...
The apparmor policy is not allowing access to the ldd command. I'll update the
policy and upload later today to allow this.
In the meantime, after you install your snap, you can adjust
/var/lib/apparmor/profiles/*simplesampleamqp_sum_44 to have this somewhere
before the final curly brace (don't forget the comma):
$ sudo apparmor_parser -r /var/lib/apparmor/profiles/*simplesampleamqp_sum_44
Note: this change will be removed if you reinstall the snap.
Jamie Strandboge http://www.ubuntu.com/
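
For triaging denials like the one quoted in this thread, here is an added example (not part of the original message or the snappy project's code) that parses AppArmor "DENIED" audit records and groups them by profile and path. The second and third log lines are constructed, and the hex decoding assumes the kernel audit convention of writing string values that contain spaces or special characters as unquoted hex.

```python
import re
from collections import defaultdict

# First line: the denial quoted in the thread. The other two lines are constructed.
SAMPLE_LOG = '''\
Apr 12 19:53:10 localhost.localdomain kernel: audit: type=1400 audit(1428868390.904:62): apparmor="DENIED" operation="exec" profile="simplesampleamqp_sum_44" name="/usr/bin/ldd" pid=2310 comm="sum.sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Apr 12 19:53:11 localhost.localdomain kernel: audit: type=1400 audit(1428868391.100:63): apparmor="DENIED" operation="open" profile="example_profile_1" name=2F6F70742F6D79206170702F72756E pid=2400 comm="demo" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Apr 12 19:53:12 localhost.localdomain kernel: audit: type=1400 audit(1428868392.000:64): apparmor="ALLOWED" operation="open" profile="example_profile_1" name="/tmp/x" pid=2401 comm="demo"
'''

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
STRING_FIELDS = {"profile", "name", "comm"}  # fields that may arrive hex-encoded


def parse_denial(line):
    """Return the key/value fields of an AppArmor DENIED record, else None."""
    if 'apparmor="DENIED"' not in line:
        return None
    fields = {}
    for key, quoted, bare in FIELD_RE.findall(line):
        if quoted or not bare:
            fields[key] = quoted
        elif key in STRING_FIELDS:
            # Unquoted string field: treat as hex, fall back to the raw token.
            try:
                fields[key] = bytes.fromhex(bare).decode("utf-8", "replace")
            except ValueError:
                fields[key] = bare
        else:
            fields[key] = bare
    return fields


def summarize(log_text):
    """Map (profile, path) -> denied masks, operations, commands and hit count."""
    summary = defaultdict(lambda: {"masks": set(), "ops": set(), "comms": set(), "count": 0})
    for line in log_text.splitlines():
        rec = parse_denial(line)
        if rec is None or "profile" not in rec:
            continue
        entry = summary[(rec["profile"], rec.get("name", "?"))]
        entry["masks"].update(rec.get("denied_mask", ""))
        entry["ops"].add(rec.get("operation", "?"))
        entry["comms"].add(rec.get("comm", "?"))
        entry["count"] += 1
    return dict(summary)


if __name__ == "__main__":
    for (profile, path), e in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{profile}: {path} denied={''.join(sorted(e['masks']))} "
              f"ops={sorted(e['ops'])} comm={sorted(e['comms'])} x{e['count']}")
```

The summary shows which path and access mask each profile denied, which is what needs to be reviewed before a profile is edited and reloaded with apparmor_parser -r.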