[Bug 1967884] Re: several snap-confine denials for capability net_admin and perfmon on 22.04

Jamie Strandboge Tue, 05 Apr 2022 07:50:49 -0700

** Summary changed:

- several snap-confine denials for capability net_admin on 22.04
+ several snap-confine denials for capability net_admin and perfmon on 22.04


** Description changed:

  I recently upgraded to 22.04 and started seeing denials like:
  
- Apr  5 08:57:39 localhost kernel: [   31.386426] audit: type=1400 
audit(1649167059.397:267): apparmor="DENIED" operation="capable" 
profile="/usr/lib/snapd/snap-confine" pid=2333 comm="snap-confine" 
capability=12  capname="net_admin"
- Apr  5 08:58:14 localhost kernel: [   66.234135] audit: type=1400 
audit(1649167094.420:274): apparmor="DENIED" operation="capable" 
profile="/usr/lib/snapd/snap-confine" pid=5400 comm="snap-confine" 
capability=12  capname="net_admin"
- Apr  5 08:59:50 localhost kernel: [  162.033225] audit: type=1400 
audit(1649167190.215:293): apparmor="DENIED" operation="capable" 
profile="/usr/lib/snapd/snap-confine" pid=7166 comm="snap-confine" 
capability=12  capname="net_admin"
+ Apr 05 09:38:51 iolanthe audit[5815]: AVC apparmor="DENIED" 
operation="capable" profile="/usr/lib/snapd/snap-confine" pid=5815 
comm="snap-confine" capability=12  capname="net_admin"
+ Apr 05 09:38:51 iolanthe audit[5815]: AVC apparmor="DENIED" 
operation="capable" profile="/usr/lib/snapd/snap-confine" pid=5815 
comm="snap-confine" capability=38  capname="perfmon"
+ Apr 05 09:38:51 iolanthe kernel: audit: type=1400 audit(1649169531.339:277): 
apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" 
pid=5815 comm="snap-confine" capability=12  capname="net_admin"
+ Apr 05 09:38:51 iolanthe kernel: audit: type=1400 audit(1649169531.339:278): 
apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" 
pid=5815 comm="snap-confine" capability=38  capname="perfmon"
  
  I've not been able to figure out what is causing this and will add more
  details if I do. Filing this in case other see it too.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1967884

Title:
  several snap-confine denials for capability net_admin and perfmon on
  22.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1967884/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1967884] Re: several snap-confine denials for capability net_admin and perfmon on 22.04

Reply via email to