Permission Denied and AppArmor Denial

[Jamie Strandboge]

On 10/26/2015 07:32 PM, robert_joslyn at selinc.com wrote:
> I'm trying to get a simple hello world snap working, but I'm getting a 
> permission denied error when trying to run the program.
> 
> (amd64)ubuntu at localhost:~$ hello.hello
> execv failed: Permission denied
> 
> It seems that AppArmor is blocking this, as this message appears in the 
> kernel log:
> 
> Oct 26 23:48:11 localhost kernel: [  655.094769] audit: type=1400 
> audit(1445903291.119:15): apparmor="DENIED" operation="getattr" 
> info="Failed name lookup - disconnected path" error=-13 
> profile="/usr/bin/ubuntu-core-launcher" name="dev/pts/0" pid=1001 
> comm="ubuntu-core-lau" requested_mask="r" denied_mask="r" fsuid=1000 
> ouid=1000
> 
> My package.yaml is:
> name: hello
> version: 0.0.1
> vendor: none
> 
> binaries:
>  - name: bin/hello
> 
> The hello binary is simply a shell script that prints hello world. I'm 
> creating the snap with snappy build, but making it with snapcraft results 
> in the same error (except it triggers on the wrapper). I've also tried 
> setting security-template to unconfined, but still get the same error. Any 
> thoughts as to what I'm doing wrong here? 
> 
Like Seth said, the apparmor denial doesn't have anything to do with your
program-- it is a problem with the launcher's profile. This was fixed in LP:
#1471862, but it appears the change was dropped. I'll catch up with the snappy
core team and see what happened and get that fixed.

-- 
Jamie Strandboge                 http://www.ubuntu.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/snappy-app-devel/attachments/20151027/6307d0d5/attachment.pgp>