Hello world confinement fail F27

I just installed snap according to the directions. It suggested trying hello-world, so I installed that. hello-world.evil says this:

$ /snap/hello-world/current/bin/evil
Hello Evil World!
This example demonstrates the app confinement
You should see a permission denied error next
If you see this line the confinement is not working correctly, please file a bug

This is expected as confinement relies on AppArmor and Fedora uses SELinux instead. So far nobody has stepped up to implement full SELinux support in snapd.

the script is being run directly… even if apparmor were there, this is wrong.

1 Like

Oh indeed, @chipaca is spot on!

and what @chipaca meant by that is that you should instead use:

/snap/bin/hello-world.evil

:wink:

Or actually snap run hello-world.evil - this will work on all distributions (though the confinement aspect will be the same as Fedora doesn’t use apparmor)

1 Like