service with shared libraries

Jamie Strandboge jamie at canonical.com
Mon Apr 13 18:54:23 UTC 2015


On 04/13/2015 12:27 PM, Andrei Porumb wrote:
...
> 
> Further investigation revealed that in the small script that attempts to start
> the service there cannot be just any command. For example, "ldd" cannot be there
> (if it is, there's going to be a DENIAL something like : Apr 12 19:53:10
> localhost.localdomain kernel: audit: type=1400 audit(1428868390.904:62):
> apparmor="DENIED" operation="exec" profile="simplesampleamqp_sum_44"
> name="/usr/bin/ldd" pid=2310 comm="sum.sh" requested_mask="x" denied_mask="x"
> fsuid=0 ouid=0). Echo is fine to be in the script...
> 

The apparmor policy is not allowing access to the ldd command. I'll update the
policy and upload later today to allow this.

In the meantime, after you install your snap, you can adjust
/var/lib/apparmor/profiles/*simplesampleamqp_sum_44 to have this somewhere
before the final curly brace (don't forget the comma):
/usr/bin/ldd ixr,

Then run:
$ sudo apparmor_parser -r /var/lib/apparmor/profiles/*simplesampleamqp_sum_44

Note: this change will be removed if you reinstall the snap.

-- 
Jamie Strandboge                 http://www.ubuntu.com/
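
Added example, not part of the original message or of the snappy/AppArmor tooling: a small Python parser that reads kernel AppArmor DENIED records like the one quoted above and lists which access each profile is missing, so the rule to add can be checked against the log. The first sample line is the record from the message joined onto one line; the second line, the function names, and the choice of "ix" for exec denials (taken from the rule in the reply) are assumptions of this example.

```python
import re
from collections import defaultdict

# key=value pairs; values are either double-quoted or bare tokens
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

SAMPLE = [
    # record quoted in the message above, joined onto one line
    'Apr 12 19:53:10 localhost.localdomain kernel: audit: type=1400 '
    'audit(1428868390.904:62): apparmor="DENIED" operation="exec" '
    'profile="simplesampleamqp_sum_44" name="/usr/bin/ldd" pid=2310 '
    'comm="sum.sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0',
    # constructed record (not from the message): a read denial on the same path
    'Apr 12 19:53:11 localhost.localdomain kernel: audit: type=1400 '
    'audit(1428868391.010:63): apparmor="DENIED" operation="open" '
    'profile="simplesampleamqp_sum_44" name="/usr/bin/ldd" pid=2311 '
    'comm="ldd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0',
    # constructed unrelated kernel line, must be ignored
    'Apr 12 19:53:12 localhost.localdomain kernel: usb 1-1: new device',
]

def parse_denial(line):
    """Return the key/value fields of an AppArmor DENIED record, else None."""
    fields = {k: (q or b) for k, q, b in _KV.findall(line)}
    return fields if fields.get("apparmor") == "DENIED" else None

def missing_access(lines):
    """Map (profile, path) -> set of denied permission letters."""
    out = defaultdict(set)
    for line in lines:
        rec = parse_denial(line)
        if rec and "profile" in rec and "name" in rec:
            out[(rec["profile"], rec["name"])].update(rec.get("denied_mask", ""))
    return dict(out)

def candidate_rule(path, denied):
    """Build a profile rule line for review before it is added by hand.
    Assumption: exec denials are answered with 'ix' (run under the caller's
    profile), as in the reply; masks other than r/w/x are left to the admin."""
    unknown = set(denied) - set("rwx")
    if unknown:
        raise ValueError(f"review by hand: {sorted(unknown)}")
    modes = ("ix" if "x" in denied else "") + "".join(m for m in "rw" if m in denied)
    return f"{path} {modes},"

if __name__ == "__main__":
    for (profile, path), denied in missing_access(SAMPLE).items():
        print(f"{profile}: {candidate_rule(path, denied)}")
```

The record from the message alone yields an exec-only rule; with the constructed read denial included, the result has the same shape as the rule given in the reply.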
