Permission Denied and AppArmor Denial
Jamie Strandboge
jamie at canonical.com
Tue Oct 27 13:22:18 UTC 2015
On 10/26/2015 07:32 PM, robert_joslyn at selinc.com wrote:
> I'm trying to get a simple hello world snap working, but I'm getting a
> permission denied error when trying to run the program.
>
> (amd64)ubuntu at localhost:~$ hello.hello
> execv failed: Permission denied
>
> It seems that AppArmor is blocking this, as this message appears in the
> kernel log:
>
> Oct 26 23:48:11 localhost kernel: [ 655.094769] audit: type=1400
> audit(1445903291.119:15): apparmor="DENIED" operation="getattr"
> info="Failed name lookup - disconnected path" error=-13
> profile="/usr/bin/ubuntu-core-launcher" name="dev/pts/0" pid=1001
> comm="ubuntu-core-lau" requested_mask="r" denied_mask="r" fsuid=1000
> ouid=1000
>
> My package.yaml is:
> name: hello
> version: 0.0.1
> vendor: none
>
> binaries:
> - name: bin/hello
>
> The hello binary is simply a shell script that prints hello world. I'm
> creating the snap with snappy build, but making it with snapcraft results
> in the same error (except it triggers on the wrapper). I've also tried
> setting security-template to unconfined, but still get the same error. Any
> thoughts as to what I'm doing wrong here?
>
Like Seth said, the apparmor denial doesn't have anything to do with your
program-- it is a problem with the launcher's profile. This was fixed in LP:
#1471862, but it appears the change was dropped. I'll catch up with the snappy
core team and see what happened and get that fixed.
--
Jamie Strandboge http://www.ubuntu.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/snappy-app-devel/attachments/20151027/6307d0d5/attachment.pgp>
More information about the snappy-app-devel
mailing list