service with shared libraries

Jamie Strandboge jamie at
Mon Apr 13 20:21:56 UTC 2015

On 04/13/2015 03:04 PM, Andrei Porumb wrote:
> Hello Jamie,
> 	Thank you for your email. 
> I would love to edit click_simplesample_...44, I do not believe I
> can do that, the reason being that click_simplesampleamqp_sum_44 is
> readonly. I cannot create any files in that folder, I believe that
> Ubuntu Snappy is on purpose configured to not allow any writes in
> that folder.
You would have to alter this file as an admin. Eg, on the device:
$ sudo vi /var/lib/apparmor/profiles/*simplesampleamqp_sum_44

However, I just uploaded the fix so it will be on the next devel-proposed image

> But assuming I would add "/usr/bin/ldd ixr," - would that allow the
> service to load a shared library? Or that would unblock executing
> "ldd" from a service context only?
I adjusted the default template to allow any app to execute the 'ldd' command.
Apps are already allowed to load a shared library from their app-specific

> Best Regards,
> Andrei Porumb
> -----Original Message-----
> From: Jamie Strandboge [mailto:jamie at] 
> Sent: Monday, April 13, 2015 11:54 AM
> To: Andrei Porumb; snappy-app-devel at
> Subject: Re: service with shared libraries
> On 04/13/2015 12:27 PM, Andrei Porumb wrote:
> ...
>> Further investigation revealed that in the small script that attempts 
>> to start the service there cannot be just any command. For example, 
>> "ldd" cannot be there (if it is, there's going to be a DENIAL 
>> something like : Apr 12 19:53:10 localhost.localdomain kernel: audit: type=1400 audit(1428868390.904:62):
>> apparmor="DENIED" operation="exec" profile="simplesampleamqp_sum_44"
>> name="/usr/bin/ldd" pid=2310 comm="" requested_mask="x" denied_mask="x"
>> fsuid=0 ouid=0). Echo is fine to be in the script...
> The apparmor policy is not allowing access to the ldd command. I'll update the policy and upload later today to allow this.
> In the meantime, after you install your snap, you can adjust
> /var/lib/apparmor/profiles/*simplesampleamqp_sum_44 to have this somewhere before the final curl brace (don't forget the comma):
> /usr/bin/ldd ixr,
> Then run:
> $ sudo apparmor_parser -r /var/lib/apparmor/profiles/*simplesampleamqp_sum_44
> Note: this change will be removed if you reinstall the snap.

Jamie Strandboge       

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the snappy-app-devel mailing list