Reinstalling snap does not update the profile

Gustavo Niemeyer gustavo at niemeyer.net
Tue May 17 15:06:42 UTC 2016 

That sounds very unfortunate. We'll get on it immediately.

Sorry for the trouble!


On Tue, May 17, 2016 at 11:15 AM, Didier Roche <didrocks at ubuntu.com> wrote:

> Le 17/05/2016 08:59, Patrick Boettcher a écrit :
> > Hi list,
>
> Hey Patrick,
> >
> > I'm facing an issue with apparmor profiles which are not updated when
> > over-installing a new version (or existing version) or a snap.
>
> Yeah, I think you are not the first to encounter such a situation, I've
> been bitten myself as well, especially when you iterate locally and
> install, reinstall the same snap multiple times (this was with either
> the snappy command but still valid since the snap/snapd transition).
>
> Talking last week with Michael and it doesn't seem to be an unknown
> issue. Jamie, Michael, is that
> https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1569581? Do you
> have this on your roadmap?
>
> The easy workaround for now is to snap remove <package_name>; snap
> install <package_name>. For me, that always rebuilt the profiles.
>
> Cheers,
> Didier
>
>
> >
> > I'm creating a snap from binaries I built without using snapcraft (I
> > generated a rootfs in which I created meta/snap.yaml on which I did
> > "snapcraft snap .") . My snap.yaml:
> >
> >   name: libshdata
> >   version: 1.6
> >   summary: none
> >   description: none
> >   architectures: [armhf]
> >
> >   apps:
> >       test:
> >           command: usr/bin/program
> >           plugs: [network]
> >
> >
> > When now 'snap install'ing this snap the first time, it created the
> > 000001-dir and the current-link and everything works fine.
> >
> > Just re-installing the same snap gives me an apparmor-error saying that
> > the wrapper cannot open the binary. We also regenerated the snap
> > incrementing to the version 1.7 .
> >
> > AppArmor cries out like this:
> >
> > type=1400 audit(1463491905.860:297): apparmor="DENIED" operation="open"
> >
> profile="snap.libshdata.test"name="/snap/libshdata/100002/usr/bin/program"
> > pid=1877 comm="program" requested_mask="r" denied_mask="r" fsuid=1000
> > ouid=0
> >
> > I then checked
> >
> >
>  /writable/system-data/var/lib/snapd/apparmor/profiles/snap.libshdata.program
> >
> > and saw that
> >
> >   @{SNAP_REVISION}="100001"
> >
> > had not been updated.
> >
> > My platform is Raspi2:
> >
> > canonical-pi2        3.2                               canonical
> > canonical-pi2-linux  4.4.0-1009-raspi2+20160421.13-36  canonical
> > ubuntu-core          16.04+20160420.05-14              canonical
> >
> > Is this a bug or a mistake on my side?
> >
> > regards,
> > --
> > Patrick.
> >
>
>
> --
> snappy-devel mailing list
> snappy-devel at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/snappy-devel
>



-- 

gustavo @ http://niemeyer.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/snappy-devel/attachments/20160517/52032e13/attachment.html>

More information about the snappy-devel mailing list