updated plug of system-files with additional read/write does not get updated apparmor profile on refresh
Bug #1942266 reported by
Ian Johnson
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| snapd |
Fix Committed
|
High
|
Paweł Stołowski | ||
Bug Description
With this snap built locally and installed:
```
name: test-system-
version: 0.1
plugs:
foo:
interface: system-files
write:
- /etc/resolv.conf
apps:
bin:
command: bin.sh
```
if you manually connect the foo plug, you will see apparmor policy generated for /etc/resolv.conf.
Then if you update the snap.yaml to this:
```
name: test-system-
version: 0.2
plugs:
foo:
interface: system-files
write:
- /etc/resolv.conf
- /etc/foo.conf
apps:
bin:
command: bin.sh
```
and then refresh the snap, the AppArmor profile is not updated to take into account the foo.conf too. If you disconnect the interface and then re-connect the interface, then AppArmor rules for /etc/foo.conf show up.
Revision history for this message
| Ian Johnson (anonymouse67) wrote | #1 |
Revision history for this message
| Paweł Stołowski (stolowski) wrote | #2 |
| Changed in snapd: | |
| status: | New → Confirmed |
| importance: | Undecided → High |
Revision history for this message
| Paweł Stołowski (stolowski) wrote | #3 |
| Changed in snapd: | |
| status: | Confirmed → Fix Committed |
| assignee: | nobody → Paweł Stołowski (stolowski) |
Revision history for this message
| Ian Johnson (anonymouse67) wrote | #4 |
| Changed in snapd: | |
| milestone: | none → 2.52 |
To post a comment you must log in.
I have proposed a regression test which we can use to verify the fix at https:/