Forbidden sqlite3 system call
Simon Stürz
timonmailinglist at gmail.com
Sun Nov 29 18:40:01 UTC 2015
On 2015-11-29 19:17, Jamie Strandboge wrote:
> On 11/27/2015 08:41 AM, Jamie Strandboge wrote:
>> On 11/23/2015 10:08 AM, Simon Stürz wrote:
>> In the meantime, to workaround this issue on rolling images until your code no
>> longer uses chown, you can provide an override and do something like this in
>> your yaml:
>>
>> services:
>> - name: guhd
>> ...
>> syscalls: [ fchown32 ]
>>
> Whoops, this should've been:
>
> services:
> - name: guhd
> ...
> security-override:
> syscalls: [ fchown32 ]
>
Not working yet.
This workaround gives me:
Installing /tmp/guhio_0.1.13_armhf.snap
2015/11/29 18:32:54.806560 verify.go:85: Signature check failed, but
installing anyway as requested
2015/11/29 18:33:53.903018 security.go:156: No seccomp policy found
/tmp/guhio_0.1.13_armhf.snap failed to install: no seccomp policy provided
Do I have to provide the seccomp file? I will reread the docs again.
My yaml file:
name: guhio
version: 0.1.13
type: app
vendor: Simon Stürz <simon.stuerz at guh.guru>
architecture: ["armhf"]
icon: meta/guh-logo.svg
source: https://github.com/guh/guh
license-version: "GPLv2"
services:
- name: guhd
start: usr/bin/guhd-wrapper.sh
description: "Daemon for the guh IoT server"
security-override:
syscalls: [ fchown32 ]
ports:
internal:
jsonrpc:
port: 2222/tcp
negotiable: yes
external:
ui:
port: 3333/tcp
negotiable: no
websocket:
port: 4444/tcp
negotiable: yes
binaries:
- name: guh-cli
exec: ./usr/bin/guh-cli
description: "Command line interface for the guh IoT server - python"
More information about the snappy-app-devel
mailing list