Reinstalling snap does not update the profile
Patrick Boettcher
patrick.boettcher at posteo.de
Tue May 17 13:59:56 UTC 2016
Hi list,
I'm facing an issue with apparmor profiles which are not updated when
over-installing a new version (or existing version) or a snap.
I'm creating a snap from binaries I built without using snapcraft (I
generated a rootfs in which I created meta/snap.yaml on which I did
"snapcraft snap .") . My snap.yaml:
name: libshdata
version: 1.6
summary: none
description: none
architectures: [armhf]
apps:
test:
command: usr/bin/program
plugs: [network]
When now 'snap install'ing this snap the first time, it created the
000001-dir and the current-link and everything works fine.
Just re-installing the same snap gives me an apparmor-error saying that
the wrapper cannot open the binary. We also regenerated the snap
incrementing to the version 1.7 .
AppArmor cries out like this:
type=1400 audit(1463491905.860:297): apparmor="DENIED" operation="open"
profile="snap.libshdata.test"name="/snap/libshdata/100002/usr/bin/program"
pid=1877 comm="program" requested_mask="r" denied_mask="r" fsuid=1000
ouid=0
I then checked
/writable/system-data/var/lib/snapd/apparmor/profiles/snap.libshdata.program
and saw that
@{SNAP_REVISION}="100001"
had not been updated.
My platform is Raspi2:
canonical-pi2 3.2 canonical
canonical-pi2-linux 4.4.0-1009-raspi2+20160421.13-36 canonical
ubuntu-core 16.04+20160420.05-14 canonical
Is this a bug or a mistake on my side?
regards,
--
Patrick.
More information about the snappy-devel
mailing list