Unable to use raw socket

carroarmato0 · January 14, 2020, 1:08pm

I’m currently making a snap for this project: https://github.com/imsnif/bandwhich

It visualizes the amount of traffic used by applications by cross-referencing process names in /proc and the observing traffic passing through network interfaces.

I thought using the following plugs would be enough, but after changing the confinement to strict, AppArmor prevents it from opening a raw socket:

apps:
  bandwhich:
    command: bandwhich
    plugs:
      - network
      - network-bind
      - system-observe

= AppArmor =
Time: Jan 14 13:58:02
Log: apparmor="DENIED" operation="create" profile="snap.bandwhich-carroarmato0.bandwhich" pid=30386 comm="bandwhich" family="packet" sock_type="raw" protocol=768 requested_mask="create" denied_mask="create"

Any suggestions on how to deal with that?

ijohnson · January 14, 2020, 3:22pm

The network-control interface allows using raw packet sockets, did you try declaring that interface in your snap and connecting it after installing the snap?

carroarmato0 · February 13, 2020, 1:55pm

@ijohnson that unfortunately didn’t help, but I noticed that @popey has bumped into the issue a day later. (Possibly missing apparmor network permission)

At the moment the only way for me to run the snap is to build it using classic confinement and then launching it through sudo.

ijohnson · February 13, 2020, 2:52pm

If you read through the rest of the messages on that forum post, it’s not the raw socket problem that blocks bandwhich from working it’s ptrace. If you (temporarily) add docker-support to your interfaces that the snap plugs, then it should work strictly with network-control as well.