Hi all,
I’m new to the forum and the snaps.
I wrote a python service and relative snap in devmode confinement and all works fine.
Now I recompiled snap in strict confinement, installed my python service on a Ubuntu Core 16 but the service can’t start.
So I finded the problems in debug logs with the command:
sudo journalctl | grep audit
When service try to start I get following two error about “apparmor” permission:
Feb 15 09:01:38 localhost.localdomain audit[25817]: AVC apparmor=“DENIED” operation=“open” profile=“snap.python-edge-platform.python-edge-platform” name="/home/boschrexroth/python-code/app.py" pid=25817 comm=“python3” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=1000
Feb 15 09:01:38 localhost.localdomain kernel: audit: type=1400 audit(1613379698.364:433519): apparmor=“DENIED” operation=“open” profile=“snap.python-edge-platform.python-edge-platform” name="/home/boschrexroth/python-code/app.py" pid=25817 comm=“python3” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=1000
I found also my file
/var/lib/snapd/apparmor/profiles/snap.python-edge-platform.python-edge-platform
But I don’t understand what I must modify in this file to change AppArmor policy on the target system.
I’m trying to follow the guide https://snapcraft.io/docs/debug-snaps, Section: AppArmor violations
Any suggestion?
Thank you all!