I am developing an application for an arm64 platform running ubuntu core. Our application is written in .NET 5. I have created the snap with plugs to: network, network-bind and network-observe.
Everything seems to be working fine (grade is still devel) but the system gets flooded with a lot of apparmor messages:
Is your program some kind of router management utility and needs to inspect the routing table or otherwise know whether traffic can be forwarded to particular interfaces?
My program translates messages and commands of ip connected devices (eg PA systems, Onvif Cams and so on) to mqtt topics.
It uses nuget packages MqttNet (for mqtt connection on localhost) and ZeroConf for zeroconf device discovery.
For webservice discovery it sends probe messages to 239.255.255.250 about every 30 secs
I still get these apparmor messages, even when nothing else is connected. So I guess the cause should be one of these three mechanisms?
Try adding the firewall-control interface (and connect it), that should at least cover the ipv6 denial (not sure why it does not cover ipv4, that probably needs fixing)…
I've not come across a process wanting to lock files under /proc - is this a normal thing to want to do? If so, what purpose does it serve? Finally, can the application be changed to just simply not lock these files instead or is this a required piece of functionality?
The application is developed in .NET5. I do not actively try to lock anything. Don't know how .NET handles and translates network requests/traffic.
If I disable the ZeroConf (nuget) package, most messages seem to have disappeared, well at least the fact that I get these messages every 8 seconds. I did see an occasional apparmor denied on /proc/5944/net/tcp(6). Need to look into this further
I have taken a look at the ZeroConf package. Standard it does a call
netInterfacesToSendRequestOn = System.Net.NetworkInformation.NetworkInterface.GetAllNetworkInterfaces()
and sends an mdns request on every interface.
Could it be that the GetAllInterfaces() call results in the apparmor denied message?
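An added example, not part of the thread and not code from any poster: to see which paths and operations sit behind a flood of denials like the one discussed above, the kernel audit lines can be grouped by profile, operation, path and denied mask. The log lines, profile name, PIDs and the `ipv6_route` path below are constructed placeholders in the standard AppArmor audit format, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines (not taken from the thread) in AppArmor's audit format.
SAMPLE_LOG = """\
audit: type=1400 audit(1620000000.100:101): apparmor="DENIED" operation="open" profile="snap.example-app.daemon" name="/proc/5944/net/tcp" pid=5944 comm="dotnet" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1620000008.100:102): apparmor="DENIED" operation="open" profile="snap.example-app.daemon" name="/proc/5944/net/tcp6" pid=5944 comm="dotnet" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1620000016.100:103): apparmor="DENIED" operation="file_lock" profile="snap.example-app.daemon" name="/proc/5944/net/ipv6_route" pid=5944 comm="dotnet" requested_mask="k" denied_mask="k" fsuid=0 ouid=0
audit: type=1400 audit(1620000024.100:104): apparmor="DENIED" operation="open" profile="snap.example-app.daemon" name="/proc/6010/net/tcp6" pid=6010 comm="dotnet" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1620000030.100:105): apparmor="ALLOWED" operation="open" profile="snap.example-app.daemon" name="/proc/6010/net/dev" pid=6010 comm="dotnet" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

# key=value pairs; values are either double-quoted or bare tokens.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_denial(line):
    """Return the audit fields of a DENIED line as a dict, else None."""
    fields = {key: quoted or bare for key, quoted, bare in KV.findall(line)}
    if fields.get("apparmor") != "DENIED":
        return None
    return fields


def normalise_path(path):
    """Collapse /proc/<pid>/ so a restarted process does not split the counts."""
    return re.sub(r"^/proc/\d+/", "/proc/<pid>/", path)


def summarise(log_text):
    """Count denials per (profile, operation, path, denied_mask)."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_denial(line)
        if fields is None:
            continue
        counts[(fields.get("profile", ""), fields.get("operation", ""),
                normalise_path(fields.get("name", "")),
                fields.get("denied_mask", ""))] += 1
    return counts


if __name__ == "__main__":
    for (profile, op, path, mask), n in summarise(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {profile}  {op:<10} {mask}  {path}")
```

Running the summary before and after disabling one component (for example the ZeroConf lookup) shows which rows that component is responsible for.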