Comment 0 for bug 1606277

The log-observe interface is broken due to how we handle bind mounts now. This can be seen with 'snappy-debug':

$ sudo snap install snappy-debug
$ sudo snap connect snappy-debug:log-observe ubuntu-core:log-observe
$ sudo /snap/bin/snappy-debug.security scanlog
kernel.printk_ratelimit = 0
Traceback (most recent call last):
  File "/snap/snappy-debug/22/bin/snappy-security-scanlog", line 580, in <module>
    sys.exit(main())
  File "/snap/snappy-debug/22/bin/snappy-security-scanlog", line 569, in main
    from_end=opt.only_new)
  File "/snap/snappy-debug/22/bin/snappy-security-scanlog", line 92, in __init__
    self.scan_log(log_file, snap_name, follow, from_end)
  File "/snap/snappy-debug/22/bin/snappy-security-scanlog", line 157, in scan_log
    log = open_file_read(log_file)
  File "/snap/snappy-debug/22/bin/snappy-security-scanlog", line 71, in open_file_read
    orig = codecs.open(path, 'r', "UTF-8", errors="replace")
  File "/usr/lib/python3.5/codecs.py", line 895, in open
    file = builtins.open(filename, mode, buffering)
FileNotFoundError: [Errno 2] No such file or directory: '/var/log/syslog'

This is because /var/log/syslog is not available at runtime due to the bind mounts. This can be shown by installing hello-world, adjusting /var/lib/snapd/apparmor/profiles/snap.hello-world.sh to have "/**/ r," (to be able to read any directory), reloading the profile, then doing:
$ hello-world.sh
...
bash-4.3$ ls /var/log/
alternatives.log btmp dpkg.log fsck watchdog
bootstrap.log dmesg faillog lastlog wtmp

This may also be a problem with other interfaces, I haven't checked extensively, though it seems that /var/lib/extrausers (from the nameservice abstraction) won't work right, and (at least) ppp (/var/log/ppp) and timezone-control (/usr/share/zoneinfo) are also affected.