SNAP "mknod" DENIED messages from AppArmor

WingmanNZ · August 3, 2020, 7:50pm

Hello,

We are working on reducing the apparmor errors that are produced when Plex Media Server is run. So far we have been able to reduce most of them, but are still unable to solve for the following;

[42244.352866] audit: type=1400 audit(1596456637.867:231): apparmor="DENIED" operation="mknod" profile="snap.plexmediaserver.plexmediaserver" name="/dev/shm/ZyA4iQ" pid=8653 comm=506C6578204D656469612053657276 requested_mask="c" denied_mask="c" fsuid=0 ouid=0
[42244.379479] audit: type=1400 audit(1596456637.895:232): apparmor="DENIED" operation="mknod" profile="snap.plexmediaserver.plexmediaserver" name="/dev/shm/akOLZn" pid=8715 comm=506C65782054756E65722053657276 requested_mask="c" denied_mask="c" fsuid=0 ouid=0

Does anyone have any idea id there is a plug that will handle mknod ?

tamas · August 4, 2020, 8:49am

@jdstrand do you have any input on that? ^

ijohnson · August 4, 2020, 11:06am

You could try the browser-support interface, but note you will probably need something like snapcraft-preload to redirect the /dev/shm/… to somewhere that will be allowed by AppArmor such as /dev/shm/snap.@{SNAP_INSTANCE_NAME}.*.