Verification on Jammy ===================== Verification was done with help of: - a just script: https://paste.ubuntu.com/p/5M6q7nRfjV/ - otel configuration: https://paste.ubuntu.com/p/5M6q7nRfjV/
1. Reproduce with snapd deb < 2.71 - Followed the steps in the justfile - Inspected the audit log - Then: ``` ubuntu@snapd-test:~$ snap version snap 2.71 snapd 2.68.5+ubuntu22.04.1 series 16 ubuntu 22.04 kernel 5.15.0-144-generic ubuntu@snapd-test:~$ sudo dmesg | grep "dac_read_search" [ 909.638380] audit: type=1400 audit(1759308342.274:238): apparmor="DENIED" operation="capable" profile="snap.opentelemetry-collector.opentelemetry-collector" pid=9085 comm="otelcol" capability=2 capname="dac_read_search" ``` 2. Prove fix with snapd deb 2.71 - Followed the steps in the justfile - Inspected the audit log - Downgrade snapd to < 2.71 - Then: ``` ubuntu@snapd-test:~$ snap version snap 2.71+ubuntu22.04 snapd 2.71+ubuntu22.04 series 16 ubuntu 22.04 kernel 5.15.0-144-generic ubuntu@snapd-test:~$ sudo dmesg | grep "dac_read_search" <--- no denial ``` ** Tags removed: verification-needed verification-needed-jammy verification-needed-noble verification-needed-plucky ** Tags added: verification-done-jammy verification-done-noble verification-done-plucky verification-done-questing -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2098780 Title: Add dac_read_search capabilities to the log-observe interface To manage notifications about this bug go to: https://bugs.launchpad.net/snapd/+bug/2098780/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
