Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

apparmor issues in snap #100

Open
ahcm opened this issue May 17, 2022 · 9 comments
Open

apparmor issues in snap #100

ahcm opened this issue May 17, 2022 · 9 comments
Labels
confirmed-bug Issues with confirmed bugs

Comments

@ahcm
Copy link

ahcm commented May 17, 2022 

[527108.819297] audit: type=1400 audit(1652772942.981:71): apparmor="DENIED" operation="exec" profile="snap.onlyoffice-ds.mysql" name="/bin/systemctl" pid=929284 comm="mysql.server" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
[527111.148204] audit: type=1400 audit(1652772945.313:72): apparmor="DENIED" operation="chmod" profile="snap.onlyoffice-ds.mysql"name="/tmp/" pid=929377 comm="chmod" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
[527111.213828] audit: type=1400 audit(1652772945.377:73): apparmor="DENIED" operation="open" profile="snap.onlyoffice-ds.mysql" name="/etc/mysql/mariadb.cnf" pid=929432 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[527111.225913] audit: type=1400 audit(1652772945.389:74): apparmor="DENIED" operation="chmod" profile="snap.onlyoffice-ds.mysql"name="/tmp/" pid=929444 comm="chmod" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
[527111.275668] audit: type=1400 audit(1652772945.441:75): apparmor="DENIED" operation="exec" profile="snap.onlyoffice-ds.mysql" name="/bin/systemctl" pid=929502 comm="mysql.server" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
[527111.291022] audit: type=1400 audit(1652772945.453:76): apparmor="DENIED" operation="open" profile="snap.onlyoffice-ds.mysql" name="/etc/mysql/mariadb.cnf" pid=929529 comm="my_print_defaul" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[527111.316492] audit: type=1400 audit(1652772945.481:77): apparmor="DENIED" operation="open" profile="snap.onlyoffice-ds.mysql" name="/etc/mysql/mariadb.cnf" pid=929578 comm="my_print_defaul" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[527111.429281] audit: type=1400 audit(1652772945.593:78): apparmor="DENIED" operation="open" profile="snap.onlyoffice-ds.mysql" name="/etc/mysql/mariadb.cnf" pid=929833 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[527112.635586] audit: type=1400 audit(1652772946.801:79): apparmor="DENIED" operation="capable" profile="snap.onlyoffice-ds.rabbitmq" pid=930073 comm="async_54" capability=1  capname="dac_override"
[527113.958263] audit: type=1400 audit(1652772948.121:80): apparmor="DENIED" operation="exec" profile="snap.onlyoffice-ds.rabbitmq" name="/bin/df" pid=930211 comm="sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
[527233.978724] audit: type=1400 audit(1652773068.147:81): apparmor="DENIED" operation="exec" profile="snap.onlyoffice-ds.rabbitmq" name="/bin/df" pid=930421 comm="sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
[527353.980678] audit: type=1400 audit(1652773188.149:82): apparmor="DENIED" operation="exec" profile="snap.onlyoffice-ds.rabbitmq" name="/bin/df" pid=930854 comm="sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
@ShockwaveNN ShockwaveNN transferred this issue from ONLYOFFICE/DocumentServer May 17, 2022
@ShockwaveNN
Copy link

Hi, please add details in your report

How did you configured AppArmor, which system do you use, all the stuff that help us reproduce the problem

@ahcm
Copy link
Author

ahcm commented May 17, 2022 

$ snap list | grep onlyoffice
onlyoffice-ds  7.0.1          71     latest/stable  onlyoffice*  -

@ShockwaveNN
Copy link

Once again, please describe step-by-step scenario on how to reproduce your problem

Which is the system you've using as the host, how did you setup your AppArmor

We are not wizards (and not a support) and the more info you get to us - the easier will be to help you

@ahcm
Copy link
Author

ahcm commented May 17, 2022

Well, install the snap on a Ubuntu 20.04.

The apparmor is configured by the snap. You make the snap.
Your snap is the problem. The problem should happen on any system, as far as I know.

@igwyd
Copy link
Member

igwyd commented Jun 29, 2022

Hello @ahcm, thank you for report.
I reproduced your case and create issue 57872 in our private issue tracker.

@parmaene
Copy link

Any progress with this issue?

i am running version "onlyoffice-ds 7.3.3" on Ubuntu 20.04 with the same AppArmor messages.

@igwyd
Copy link
Member

igwyd commented Apr 26, 2023

Hello @parmaene, unfortunately no news yet. I added your request to update information of the bug.

@Rita-Bubnova Rita-Bubnova added the confirmed-bug Issues with confirmed bugs label Aug 11, 2023
@Rhysers
Copy link

Rhysers commented Aug 15, 2023

I seem to have this too on Ubuntu 22.04.3 LTS

@redfox7691
Copy link

redfox7691 commented Aug 1, 2024
edited
Loading

Same on Debian 12 and Ubuntu 24.04. Step to reproduce:

  • sudo -i
  • snap install onlyoffice-ds
  • snap set onlyoffice-ds onlyoffice.example-enabled=true
  • try to open one of demo documents with http://localhost/example/editor?fileName=sample.xlsx and system freeze with lots of logs like this:
    [...] apparmor="DENIED" operation="exec" profile="snap.onlyoffice-ds.rabbitmq" name="/usr/bin/df" pid=4212 comm="sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
confirmed-bug Issues with confirmed bugs
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@parmaene @ShockwaveNN @redfox7691 @ahcm @Rhysers @Rita-Bubnova @igwyd