The log-observe interface is broken due to how we handle bind mounts now. This can be seen with 'snappy-debug':
$ sudo snap install snappy-debug
$ sudo snap connect snappy-debug:log-observe ubuntu-core:log-observe
$ sudo /snap/bin/snappy-debug.security scanlog
kernel.printk_ratelimit = 0
Traceback (most recent call last):
File "/snap/snappy-debug/22/bin/snappy-security-scanlog", line 580, in <module>
sys.exit(main())
File "/snap/snappy-debug/22/bin/snappy-security-scanlog", line 569, in main
from_end=opt.only_new)
File "/snap/snappy-debug/22/bin/snappy-security-scanlog", line 92, in __init__
self.scan_log(log_file, snap_name, follow, from_end)
File "/snap/snappy-debug/22/bin/snappy-security-scanlog", line 157, in scan_log
log = open_file_read(log_file)
File "/snap/snappy-debug/22/bin/snappy-security-scanlog", line 71, in open_file_read
orig = codecs.open(path, 'r', "UTF-8", errors="replace")
File "/usr/lib/python3.5/codecs.py", line 895, in open
file = builtins.open(filename, mode, buffering)
FileNotFoundError: [Errno 2] No such file or directory: '/var/log/syslog'
This is because /var/log/syslog is not available at runtime due to the bind mounts. This can be shown by installing hello-world, adjusting /var/lib/snapd/apparmor/profiles/snap.hello-world.sh to have "/**/ r," (to be able to read any directory), reloading the profile, then doing:
$ hello-world.sh
...
bash-4.3$ ls /var/log/
alternatives.log btmp dpkg.log fsck watchdog
bootstrap.log dmesg faillog lastlog wtmp
This may also be a problem with other interfaces, I haven't checked extensively, though it seems that /var/lib/extrausers (from the nameservice abstraction) won't work right, and (at least) ppp (/var/log/ppp) and timezone-control (/usr/share/zoneinfo) are also affected.
The log-observe interface is broken due to how we handle bind mounts now. This can be seen with 'snappy-debug':
$ sudo snap install snappy-debug debug:log- observe ubuntu- core:log- observe snappy- debug.security scanlog printk_ ratelimit = 0 snappy- debug/22/ bin/snappy- security- scanlog" , line 580, in <module> exit(main( )) snappy- debug/22/ bin/snappy- security- scanlog" , line 569, in main end=opt. only_new) snappy- debug/22/ bin/snappy- security- scanlog" , line 92, in __init__ scan_log( log_file, snap_name, follow, from_end) snappy- debug/22/ bin/snappy- security- scanlog" , line 157, in scan_log read(log_ file) snappy- debug/22/ bin/snappy- security- scanlog" , line 71, in open_file_read python3. 5/codecs. py", line 895, in open open(filename, mode, buffering)
$ sudo snap connect snappy-
$ sudo /snap/bin/
kernel.
Traceback (most recent call last):
File "/snap/
sys.
File "/snap/
from_
File "/snap/
self.
File "/snap/
log = open_file_
File "/snap/
orig = codecs.open(path, 'r', "UTF-8", errors="replace")
File "/usr/lib/
file = builtins.
FileNotFoundError: [Errno 2] No such file or directory: '/var/log/syslog'
This is because /var/log/syslog is not available at runtime due to the bind mounts. This can be shown by installing hello-world, adjusting /var/lib/ snapd/apparmor/ profiles/ snap.hello- world.sh to have "/**/ r," (to be able to read any directory), reloading the profile, then doing:
$ hello-world.sh
...
bash-4.3$ ls /var/log/
alternatives.log btmp dpkg.log fsck watchdog
bootstrap.log dmesg faillog lastlog wtmp
This may also be a problem with other interfaces, I haven't checked extensively, though it seems that /var/lib/extrausers (from the nameservice abstraction) won't work right, and (at least) ppp (/var/log/ppp) and timezone-control (/usr/share/ zoneinfo) are also affected.