How do I prevent my snap application from falling into AppArmor's complain mode?

Hello.

I’ve built an application via snapcraft for a Dell edge gateway (x86-based) machine with confinement devmode. Ubuntu core-16 is the OS on the device, and I want to run OS hardening test cases as per https://secscan.acron.pl/ubuntu1604/start

Before installing my snap (application) on my Dell device, I executed the following command as one of the test cases: `# apparmor_status`. The response to this command was a set of lines, with two specific lines stating: `0 profiles are in complain mode.` and `0 processes are in complain mode.`

But after installing my application snap, I get a different output from the same command, as per the screenshot.

Note: snap.gatewayapp.gatewayapp and snap.watchdogapp.watchdogapp are the applications installed by me.

Please help me understand how I can prevent my snap application from falling into AppArmor’s complain mode. What are the limitations or potential issues of an application in complain mode? Please help me understand it. Thanks in advance. 🙂

A snap will have its AppArmor rules applied in complain mode when you have designated it as `confinement: devmode`. You should switch to `confinement: strict`, which will apply the same rules in enforce mode, once you’ve worked out the required interfaces and added them to your snap metadata.

2 Likes
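
A check for the hardening test discussed in this thread, as an added example that is not part of the original posts: it reads the kernel's loaded-profile list (the `name (mode)` lines of `/sys/kernel/security/apparmor/profiles`) and reports which snaps still have profiles in complain mode. The function names are hypothetical and the sample input is constructed from the profile names mentioned in the question.

```shell
#!/bin/sh
# Added example (not from the thread): find snaps whose AppArmor profiles
# are loaded in complain mode, i.e. snaps still built with devmode confinement.
# Input format is that of /sys/kernel/security/apparmor/profiles:
#   <profile name> (<mode>)

# Constructed sample input using the two profile names from the question.
sample_profiles() {
cat <<'EOF'
/usr/sbin/tcpdump (enforce)
snap.core.hook.configure (enforce)
snap.gatewayapp.gatewayapp (complain)
snap.watchdogapp.watchdogapp (complain)
snap-update-ns.core (enforce)
EOF
}

# Print the name of every profile in complain mode, one per line.
complain_profiles() {
    sed -n 's/^\(.*\) (complain)$/\1/p'
}

# Print the unique snap names behind snap.<snap>.<app> profiles in complain mode.
complain_snaps() {
    complain_profiles | awk -F. '$1 == "snap" && NF >= 3 { print $2 }' | sort -u
}

# Hardening gate: return 0 only when no loaded profile is in complain mode.
check_no_complain() {
    found=$(complain_profiles)
    if [ -n "$found" ]; then
        printf 'profiles in complain mode:\n%s\n' "$found" >&2
        return 1
    fi
    return 0
}

# Demo on the constructed sample; on a device (as root) use instead:
#   check_no_complain < /sys/kernel/security/apparmor/profiles
sample_profiles | complain_snaps
```

Once a snap is rebuilt with `confinement: strict` and reinstalled, its profiles should appear with `(enforce)` and the gate passes.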