Eksctl cannot write to stdout

Here is a truly weird one. I have eksctl inside a snap with classic confinement. Running on Ubuntu 19.10, this command fails:

$ eksctl get cluster modev -o yaml > t
Error: write /dev/stdout: permission denied

These two work just fine:

$ eksctl get cluster modev > t
$ eksctl get cluster modev -o yaml | tee t

Any ideas?

Do you see any denials from the system journal? i.e. journalctl -e --no-pager | grep DENIED

@ijohnson

That found the problem. Thank you.

(mfa)(kubernetes_creator) bd4c:~ $ eksctl get cluster modev -o yaml > t
Error: write /dev/stdout: permission denied
(mfa)(kubernetes_creator) bd4c:~ $ journalctl -e --no-pager | grep DENIED
May 07 08:12:00 bd4c audit[6952]: AVC apparmor="DENIED" operation="file_inherit" profile="/snap/core/9066/usr/lib/snapd/snap-confine" name="/home/art/t" pid=6952 comm="snap-confine" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
May 07 08:12:00 bd4c kernel: audit: type=1400 audit(1588857120.626:391): apparmor="DENIED" operation="file_inherit" profile="/snap/core/9066/usr/lib/snapd/snap-confine" name="/home/art/t" pid=6952 comm="snap-confine" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000

Any thoughts on why adding -o yaml to the eksctl command makes it fail?

This is bug https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1849753. I don’t know that there is anything you can do as a user until the bug is fixed.

Ah… Thanks again.

We can just update our documentation and tell our people to use eksctl ... | tee outputfile instead of eksctl ... > outputfile. No biggie.
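
The journal check used in this thread, as an added example that is not part of the original posts and is not snapd or eksctl code: it parses AppArmor DENIED records, collapses the duplicate audit/kernel copies of each event, and picks out file_inherit denials, where the name field is the redirect target. The function names are hypothetical, the first two sample lines are the ones posted above, and the third is constructed.

```python
import re

# First two lines: the journalctl output posted in the thread.
# Third line: constructed, unrelated journal entry that must be ignored.
SAMPLE = '''May 07 08:12:00 bd4c audit[6952]: AVC apparmor="DENIED" operation="file_inherit" profile="/snap/core/9066/usr/lib/snapd/snap-confine" name="/home/art/t" pid=6952 comm="snap-confine" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
May 07 08:12:00 bd4c kernel: audit: type=1400 audit(1588857120.626:391): apparmor="DENIED" operation="file_inherit" profile="/snap/core/9066/usr/lib/snapd/snap-confine" name="/home/art/t" pid=6952 comm="snap-confine" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
May 07 08:12:01 bd4c systemd[1]: Started Session 4 of user art.
'''

# key="quoted value" or key=bare_value
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, or None."""
    if 'apparmor="DENIED"' not in line:
        return None
    return {k: (q or u) for k, q, u in KV.findall(line)}

def summarize(lines):
    """Count unique denials; journald shows each event twice
    (the audit[pid] copy and the kernel copy)."""
    counts = {}
    for line in lines:
        rec = parse_denial(line)
        if rec is None:
            continue
        key = (rec.get("profile"), rec.get("operation"), rec.get("name"),
               rec.get("denied_mask"), rec.get("pid"))
        counts[key] = counts.get(key, 0) + 1
    return counts

def inherited_fd_denials(lines):
    """Unique denials on an inherited file descriptor, such as a '> file' target."""
    return [k for k in summarize(lines) if k[1] == "file_inherit"]

if __name__ == "__main__":
    for profile, op, name, mask, pid in inherited_fd_denials(SAMPLE.splitlines()):
        print(f"{op}: profile={profile} denied '{mask}' on {name} (pid {pid})")
```

To run it against a live system, pass the lines of `journalctl -e --no-pager` to `inherited_fd_denials` instead of `SAMPLE`.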