The MAAS snap currently reports lots of apparmor denials for rw
on /run/uuidd/request
see LP #1867571 for info.
Tracking this down it appears to be Python’s uuid.uuid1()
implementation, which is in turn using libuuid
. That requests rw
access to uuidd
which is running on the host, listening on /run/uuidd/request
.
As this is Python stdlib, MAAS is not the only snap that this denial occurs in:
- ROS based snap also hit it
- Open vSwitch support added it to avoid denials there.
In 2049f2c @jdstrand added r
support, but in our tests it’s always rw
that’s requested.
Could the template apparmor profile allow write access too? Or if that’s considered too broad, an interface be added to allow this?