Comment 0 for bug 1926442

Lukas Märdian (slyon) wrote : cannot execute 'netplan generate' from within a snap

A snap connected to the 'network-setup-control' interface can edit files in /etc/netplan/, but it is not able to execute the 'netplan generate' command successfully.

A call to '/usr/sbin/netplan generate' fails with AppArmor errors like this:
[ 529.034756] audit: type=1400 audit(1619611886.273:702): apparmor="DENIED" operation="exec" profile="snap.network-manager.networkmanager" name="/usr/lib/netplan/generate" pid=15227 comm="netplan" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Apr 28 12:13:55 foobar network-manager.networkmanager[2280]: PermissionError: [Errno 13] Permission denied: '/lib/netplan/generate

It looks like the Python wrapper for netplan (in /usr/sbin/netplan) is whitelisted, but the actual netplan generator (in /usr/lib/netplan/generate) is not.
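
Added example (not part of the original bug report, and not netplan or snapd code): a small parser that pulls the denied exec targets out of AppArmor audit records like the one quoted above, so every binary a profile is missing shows up in one pass. The function names and all sample records except the first are constructed for illustration.

```python
import re
from collections import defaultdict

# key="quoted value" or key=bare-value, as they appear in audit records
PAIR = re.compile(r'(\w+)=("([^"]*)"|\S+)')
HEX = re.compile(r'(?:[0-9A-Fa-f]{2})+')

def parse_denial(line):
    """Return the fields of an AppArmor DENIED record as a dict, else None."""
    if 'apparmor="DENIED"' not in line:
        return None
    fields = {}
    for key, raw, quoted in PAIR.findall(line):
        if raw.startswith('"'):
            fields[key] = quoted
        elif key == "name" and HEX.fullmatch(raw):
            # The kernel audit code hex-encodes names with spaces or quotes
            fields[key] = bytes.fromhex(raw).decode("utf-8", "replace")
        else:
            fields[key] = raw
    return fields

def denied_exec_targets(lines):
    """Map each profile to the sorted paths it was denied permission to execute."""
    found = defaultdict(set)
    for line in lines:
        f = parse_denial(line)
        if f and f.get("operation") == "exec" and "x" in f.get("denied_mask", ""):
            found[f.get("profile", "?")].add(f.get("name", "?"))
    return {profile: sorted(paths) for profile, paths in found.items()}

PROFILE = "snap.network-manager.networkmanager"
TAIL = 'pid=1 comm="sh" requested_mask="%s" denied_mask="%s" fsuid=0 ouid=0'
SAMPLE = [
    # Record quoted in the report
    '[ 529.034756] audit: type=1400 audit(1619611886.273:702): apparmor="DENIED" operation="exec" profile="snap.network-manager.networkmanager" name="/usr/lib/netplan/generate" pid=15227 comm="netplan" requested_mask="x" denied_mask="x" fsuid=0 ouid=0',
    # Constructed: exec denial whose path contains a space, so it is hex-encoded
    'audit: type=1400 audit(0.000:1): apparmor="DENIED" operation="exec" profile="%s" name=%s %s'
    % (PROFILE, "/opt/my tool/run".encode().hex().upper(), TAIL % ("x", "x")),
    # Constructed: a read denial, which is not an exec and must be ignored
    'audit: type=1400 audit(0.000:2): apparmor="DENIED" operation="open" profile="%s" name="/etc/netplan/50-test.yaml" %s'
    % (PROFILE, TAIL % ("r", "r")),
    # Constructed: an ALLOWED record (complain mode), not a denial
    'audit: type=1400 audit(0.000:3): apparmor="ALLOWED" operation="exec" profile="%s" name="/usr/sbin/netplan" %s'
    % (PROFILE, TAIL % ("x", "x")),
]

if __name__ == "__main__":
    for profile, paths in denied_exec_targets(SAMPLE).items():
        print(profile, "->", ", ".join(paths))
```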