Classic confinement request for ubuntu-iso-download

As the name implies, this downloads Ubuntu ISOs. As a part of the download, the SHA256 key and signed verification GPG file are verified, the ISO is downloaded, and the SHA256 key is compared to the current directory.

Here are the apparmor logs from a run with devmode:

Because I need 1) access to /dev/shm and 2) would like to continue downloading to the current directory, I am requesting classic mode.

You haven’t stated that you have attempted to strictly confine your application. The logs indicate that you’re running in devmode and thus do not provably indicate that your application fails when it cannot access /dev/shm. Does your application definitely fail when it is prevented from accessing the /dev/shm files?

Is there a reason that the home and removable media interfaces cannot be used for downloading the ISO images? I don’t think saving a downloaded file to arbitrary locations warrants classic mode, as the user can easily adjust their current working directory to one that is writable.

2 Likes

Does your application definitely fail when it is prevented from accessing the /dev/shm files?

Correct, here it is under strict confinement:

Access to everything in this paste apart from /dev/shm access (which is often not fatal, which is why Daniel asked …) is provided by the network and network-bind plugs. Did you add these to your app (and did you make sure they are connected too)?

1 Like

I had not added network-bind as I was stuck on the /dev/shm errors. After moving on with the other items I needed, it is working as expected. Thank you for the help!

Consider this resolved.

1 Like
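
The configuration this thread converged on, as an added snapcraft.yaml fragment that is not taken from any post above or from the snap's real packaging. The app entry name and command path are assumptions, and all other keys (name, base, parts) are omitted.

```yaml
# Added example, not the project's own snapcraft.yaml.
# Strict confinement enforces the AppArmor profile. Under devmode the same
# accesses are only logged, so a devmode log does not show that the app
# fails without them.
confinement: strict

apps:
  ubuntu-iso-download:                  # assumed app entry name
    command: bin/ubuntu-iso-download    # hypothetical command path
    plugs:
      # Covers the network denials discussed in the thread.
      - network          # outbound connections (fetching the ISO and checksum files)
      - network-bind     # binding to sockets; the plug the poster had not added
      # Suggested in the review instead of classic: save the ISO under the
      # user's home directory or on removable media rather than an
      # arbitrary current directory.
      - home
      - removable-media  # not auto-connected; connect manually with:
                         #   snap connect ubuntu-iso-download:removable-media

# No plug is listed for /dev/shm: the thread notes that denial is often
# not fatal, and the poster reports the app working once the other plugs
# were in place.
```

After installing, snap connections ubuntu-iso-download lists each plug and whether it is connected, which is the check asked for in the reply above.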