Hello,
I am trying to build a strictly confined snap for srsRAN, an open-source network, radio and UE (cellphone) simulator. Among other things, this software creates a UNIX process and binds it to an address. Unfortunately, AppArmor denies this bind action. Can you please advise on what I should do with this issue?
Here is the content of the snapcraft.yaml file:
name: srsran
base: core20
version: '22.04.1'
summary: srsRAN is a 4G/5G software radio suite developed by SRS.
description: srsRAN is a 4G/5G software radio suite developed by SRS.
grade: devel
confinement: strict
apps:
srsepc:
command: usr/local/bin/srsepc
plugs:
- home
- network
- network-bind
- network-control
parts:
srsran:
plugin: cmake
source: https://github.com/srsRAN/srsRAN.git
source-type: git
source-tag: release_22_04_1
build-packages:
- build-essential
- cmake
- libfftw3-dev
- libmbedtls-dev
- libboost-program-options-dev
- libconfig++-dev
- libsctp-dev
stage-packages:
- libboost-program-options1.71.0
- libconfig++9v5
- libfftw3-single3
- libmbedcrypto3
- libsctp1
Logs taken from syslog:
Oct 18 21:09:33 alert-firebrat kernel: [103995.593067] audit: type=1400 audit(1666127373.616:521): apparmor="DENIED" operation="bind" profile="snap.srsran.srsepc" pid=10838 comm="srsepc" family="unix" sock_type="dgram" protocol=0 requested_mask="bind" denied_mask="bind" addr="@6D6D655F73313100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
Here is the upstream source code and line where the binding action is called: https://github.com/srsran/srsRAN/blob/master/srsepc/src/mme/mme_gtpc.cc#L77