search

ONLYOFFICE / snap-documentserver

The ONLYOFFICE Document Server snap package for the snap package system
https://snapcraft.io/onlyoffice-ds
GNU Affero General Public License v3.0
20 stars 6 forks source link

apparmor issues in snap #100

Open ahcm opened 2 years ago

ahcm commented 2 years ago 
[527108.819297] audit: type=1400 audit(1652772942.981:71): apparmor="DENIED" operation="exec" profile="snap.onlyoffice-ds.mysql" name="/bin/systemctl" pid=929284 comm="mysql.server" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
[527111.148204] audit: type=1400 audit(1652772945.313:72): apparmor="DENIED" operation="chmod" profile="snap.onlyoffice-ds.mysql"name="/tmp/" pid=929377 comm="chmod" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
[527111.213828] audit: type=1400 audit(1652772945.377:73): apparmor="DENIED" operation="open" profile="snap.onlyoffice-ds.mysql" name="/etc/mysql/mariadb.cnf" pid=929432 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[527111.225913] audit: type=1400 audit(1652772945.389:74): apparmor="DENIED" operation="chmod" profile="snap.onlyoffice-ds.mysql"name="/tmp/" pid=929444 comm="chmod" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
[527111.275668] audit: type=1400 audit(1652772945.441:75): apparmor="DENIED" operation="exec" profile="snap.onlyoffice-ds.mysql" name="/bin/systemctl" pid=929502 comm="mysql.server" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
[527111.291022] audit: type=1400 audit(1652772945.453:76): apparmor="DENIED" operation="open" profile="snap.onlyoffice-ds.mysql" name="/etc/mysql/mariadb.cnf" pid=929529 comm="my_print_defaul" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[527111.316492] audit: type=1400 audit(1652772945.481:77): apparmor="DENIED" operation="open" profile="snap.onlyoffice-ds.mysql" name="/etc/mysql/mariadb.cnf" pid=929578 comm="my_print_defaul" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[527111.429281] audit: type=1400 audit(1652772945.593:78): apparmor="DENIED" operation="open" profile="snap.onlyoffice-ds.mysql" name="/etc/mysql/mariadb.cnf" pid=929833 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[527112.635586] audit: type=1400 audit(1652772946.801:79): apparmor="DENIED" operation="capable" profile="snap.onlyoffice-ds.rabbitmq" pid=930073 comm="async_54" capability=1  capname="dac_override"
[527113.958263] audit: type=1400 audit(1652772948.121:80): apparmor="DENIED" operation="exec" profile="snap.onlyoffice-ds.rabbitmq" name="/bin/df" pid=930211 comm="sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
[527233.978724] audit: type=1400 audit(1652773068.147:81): apparmor="DENIED" operation="exec" profile="snap.onlyoffice-ds.rabbitmq" name="/bin/df" pid=930421 comm="sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
[527353.980678] audit: type=1400 audit(1652773188.149:82): apparmor="DENIED" operation="exec" profile="snap.onlyoffice-ds.rabbitmq" name="/bin/df" pid=930854 comm="sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
ShockwaveNN commented 2 years ago

Hi, please add details in your report

How did you configured AppArmor, which system do you use, all the stuff that help us reproduce the problem

ahcm commented 2 years ago 
$ snap list | grep onlyoffice
onlyoffice-ds  7.0.1          71     latest/stable  onlyoffice*  -
ShockwaveNN commented 2 years ago

Once again, please describe step-by-step scenario on how to reproduce your problem

Which is the system you've using as the host, how did you setup your AppArmor

We are not wizards (and not a support) and the more info you get to us - the easier will be to help you

ahcm commented 2 years ago

Well, install the snap on a Ubuntu 20.04.

The apparmor is configured by the snap. You make the snap. Your snap is the problem. The problem should happen on any system, as far as I know.

igwyd commented 2 years ago

Hello @ahcm, thank you for report. I reproduced your case and create issue 57872 in our private issue tracker.

parmaene commented 1 year ago

Any progress with this issue?

i am running version "onlyoffice-ds 7.3.3" on Ubuntu 20.04 with the same AppArmor messages.

igwyd commented 1 year ago

Hello @parmaene, unfortunately no news yet. I added your request to update information of the bug.

Rhysers commented 1 year ago

I seem to have this too on Ubuntu 22.04.3 LTS

redfox7691 commented 1 month ago

Same on Debian 12 and Ubuntu 24.04. Step to reproduce: