Open locnnil opened 3 weeks ago
Since the system-observe snapd interface explicitly has a seccomp rule to deny this syscall, it's unlikely that it can run in a confined way using another interface.
Seems that snapd really wants to suppress ptrace at all costs.
In the snap-confine app, the daemon responsible for applying all the Seccomp and AppArmor rules, it's explicitly stated that:
'ptrace (trace)' are blocked by AppArmor with typical snapd interfaces.
Seccomp log:
ssdd application output: