Hello.
We have a snap in a private store that has the "shutdown" interface (plus many others), but we cannot manage to reboot the device when we need to.
We tried with a programmatic 'reboot' system call and then also by porting /sbin/reboot and calling it from our daemon, but AppArmor is denying that:
Jun 26 13:29:22 localhost kernel: [16997.171225] audit: type=1400 audit(1498483762.552:61): apparmor="DENIED" operation="open" profile="snap.fingbox-agent.fingbox" name="/proc/1/environ" pid=10473 comm="reboot" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jun 26 13:29:22 localhost kernel: [16997.171783] audit: type=1400 audit(1498483762.552:62): apparmor="DENIED" operation="open" profile="snap.fingbox-agent.fingbox" name="/sys/kernel/kexec_loaded" pid=10473 comm="reboot" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jun 26 13:29:22 localhost kernel: [16997.173115] audit: type=1400 audit(1498483762.552:63): apparmor="DENIED" operation="connect" profile="snap.fingbox-agent.fingbox" name="/run/systemd/private" pid=10473 comm="reboot" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
Jun 26 13:29:22 localhost kernel: [16997.183459] audit: type=1107 audit(1498483762.564:64): pid=1135 uid=100 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/systemd1" interface="org.freedesktop.systemd1.Manager" member="StartUnit" mask="send" name="org.freedesktop.systemd1" pid=10473 label="snap.fingbox-agent.fingbox" peer_pid=1 peer_label="unconfined"
Jun 26 13:29:22 localhost kernel: [16997.183459] exe="/usr/bin/dbus-daemon" sauid=100 hostname=? addr=? terminal=?'