Adding base64 command to default snap apparmor

Hi,

I am snapping an application that needs to call base64, which is shipped as part of the core snap, but the default apparmor doesn’t allow access to it:

= AppArmor =
Time: Aug  8 11:01:47
Log: apparmor="DENIED" operation="open" profile="snap.SNAP_NAME.SNAP_APP" name="/usr/bin/base64" pid=29319 comm="bash" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /usr/bin/base64 (read)
Suggestions:
* adjust snap to ship 'base64'
* adjust program to use relative paths if the snap already ships 'base64'

I can obviously ship base64 in my snap fine and this works, but I’m wondering if maybe we should considering adding base64 to the default apparmor whitelist for files allowed from the core snap (i.e. here: https://github.com/snapcore/snapd/blob/924273ab09f09f7e17ae645baf287c1e1d15d8c8/interfaces/apparmor/template.go#L106) ?

Thanks,
Ian

1 Like

Added to the list for the next batch of updates for 2.35. Thanks!