This bug was fixed in the package ubuntu-core-launcher - 1.0.22
---
ubuntu-core-launcher (1.0.22) xenial; urgency=medium
* debian/usr.bin.ubuntu-core-launcher: update unconfined change_profile
checks to actually work (LP: #1562989)
ubuntu-core-launcher (1.0.21) xenial;
** Changed in: ubuntu-core-launcher (Ubuntu)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1562989
Title:
'aa_change_onexec failed with -1. errmsg:
Looks like the kernel got some fixes and the rules for change_profile
matching unconfined that we had for the launcher no longer work. Those
rules seem like they weren't doing what we wanted anyway, so update
them.
** Package changed: linux (Ubuntu) => ubuntu-core-launcher (Ubuntu)
** Changed
** Changed in: linux (Ubuntu)
Status: Confirmed => Triaged
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1562989
Title:
'aa_change_onexec failed with -1. errmsg: Permission denied'
To
It appears that the profile name can't start with 'u'. If I change the
app-profile to prepend anything other than 'u', then it works.
Eg, if I update app-profile accordingly before each call to change the profile
name:
$ sudo apparmor_parser -r ./app-profile ./launcher-profile && aa-exec -p
Here is a reproducer. See main.c for instructions.
** Attachment added: "1562989.tar.gz"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1562989/+attachment/4615205/+files/1562989.tar.gz
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed
** Tags added: apparmor
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1562989
Title:
'aa_change_onexec failed with -1. errmsg: Permission denied'
To manage notifications about this bug go to:
I took the hello-world application, then adjusted its yaml to be the
same as the ubuntu-clock-app (using ubuntu-cl0ck-app as the name) and
was unable to reproduce.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Description changed:
$ sudo snappy install ubuntu-clock-app.ubuntucore-dev
$ ubuntu-clock-app.clock
aa_change_onexec failed with -1. errmsg: Permission denied
[1]
Downgrading to ubuntu-core-launcher doesn't help the clock app get past
this failure.
The hello-world app works
** Description changed:
$ sudo snappy install ubuntu-clock-app.ubuntucore-dev
$ ubuntu-clock-app.clock
aa_change_onexec failed with -1. errmsg: Permission denied
[1]
Downgrading to ubuntu-core-launcher doesn't help the clock app get past
this failure.
The hello-world app works
** Summary changed:
- 'aa_change_onexec failed with -1. errmsg: Permission denied' with snaps using
'unconfined' template
+ 'aa_change_onexec failed with -1. errmsg: Permission denied'
** Description changed:
- $ bzr branch lp:~dpm/ubuntu-clock-app/snap-all-things ubuntu-clock-app.dpm
- $
11 matches
Mail list logo
