Mono app apparmor failure

popey · March 24, 2018, 11:00pm

I snapped a simple mono application, which fails to launch seemingly due to an apparmor issue. So this post is likely targeted in @jdstrand direction

The app just launches usr/bin/mono $SNAP/foo.exe and here’s the snappy-debug output below. Is this something which can be fixed with a simple apparmor rule change?

= AppArmor =
Time: Mar 24 19:30:04
Log: apparmor="ALLOWED" operation="mknod" profile="snap.foo.foo" name="/dev/shm/mono.28218" pid=28218 comm="mono" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
File: /dev/shm/mono.28218 (write)
Suggestions:
* adjust program to create files and directories in /dev/shm/snap.$SNAP_NAME.*
* try the snapcraft preload plugin: https://github.com/sergiusens/snapcraft-preload

= AppArmor =
Time: Mar 24 19:30:04
Log: apparmor="ALLOWED" operation="open" profile="snap.foo.foo" name="/dev/shm/mono.28218" pid=28218 comm="mono" requested_mask="wrc" denied_mask="wrc" fsuid=1000 ouid=1000
File: /dev/shm/mono.28218 (write)
Suggestions:
* adjust program to create files and directories in /dev/shm/snap.$SNAP_NAME.*
* try the snapcraft preload plugin: https://github.com/sergiusens/snapcraft-preload                                                                                                          
                                                                                                                                                                                             
= AppArmor =                                                                                                                                                                                 
Time: Mar 24 19:30:04                                                                                                                                                                        
Log: apparmor="ALLOWED" operation="truncate" profile="snap.foo.foo" name="/dev/shm/mono.28218" pid=28218 comm="mono" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000           
File: /dev/shm/mono.28218 (write)                                                                                                                                                            
Suggestions:                                                                                                                                                                                 
* adjust program to create files and directories in /dev/shm/snap.$SNAP_NAME.*
* try the snapcraft preload plugin: https://github.com/sergiusens/snapcraft-preload

jdstrand · March 26, 2018, 4:54pm

This is the standard ‘shm’ access issue. I wonder if mono has a way to modify the location via an env var? Otherwise, snapcraft preload might help. I think that layouts could help here too: @zyga-snapd, did you create ‘tmpfs’ so that one could change the location for /dev/shm?

popey · March 26, 2018, 5:18pm

Interestingly found this thread (amusingly about the same issue on the macOS app store). So will try the environment variable suggested there. Thanks.

zyga-snapd · March 27, 2018, 2:40pm

I probably misunderstand your question but we agreed that layouts cannot tamper with /dev/

jdstrand · March 27, 2018, 3:03pm

@zyga-snapd: Oh that’s right, I forgot. Thanks!