I have a non default dns setup on my host to make my dnscrypt-proxy dns
server setting stick across network interfaces, wifi access point
changes in network-manager, and reboots.
rm /etc/resolvconf/resolv.conf
cat <<EOF > sudo tee /etc/resolvconf/resolv.conf.d/head
nameserver <ip-of-my-local-dnscrypt-proxy-instance>
EOF
This causes the following when running my snap which uses the network
interface
= AppArmor =
Time: Oct 30 08:48:34
Log: apparmor="DENIED" operation="open" profile="snap.btcd.daemon" name="/etc/resolvconf/resolv.conf.d/head" pid=27224 comm="btcd" requested_mask="r" denied_mask="r" fsuid=584788 ouid=0
File: /etc/resolvconf/resolv.conf.d/head (read)
Which (I think) in turn causes this
INF] CMGR: DNS discovery failed on seed seed.bitcoin.sipa.be: lookup seed.bitcoin.sipa.be on [::1]:53: read udp [::1]:34651->[::1]:53: read: connection refused
Are these events related? What is the correct fix?
My initial guess is that I need to add network-bind
for the snap to be able to listen for incoming UDP packets. Is that correct?
I’ve tried to look at the apparmor profile configuration, but I don’t find any file for my snap in /etc/apparmor.d, only a profile listed in the aa-status output.