122 | 2017/06/02 16:49:06 Error executing external:ubuntu-core-16-arm-32:tests/main/security-setuid-root :
-----
+ su test -c 'sh -c "SNAP_NAME=test-snapd-tools /snap/core/current/usr/lib/snapd/snap-confine snap.test-snapd-tools.cmd /bin/true 2>/dev/null"'
+ su test -c 'sh -c "SNAP_NAME=test-snapd-tools /snap/core/current/usr/lib/snapd/snap-confine snap.test-snapd-tools.cmd /bin/true 2>&1"'
+ MATCH 'Refusing to continue to avoid permission escalation attacks'
error: pattern not found, got:
sh: 1: /snap/core/current/usr/lib/snapd/snap-confine: not found
-----
2017/06/02 16:49:07 Debug output for external:ubuntu-core-16-arm-32:tests/main/security-setuid-root :
-----
+ ls -ld /snap/core/current/usr/lib/snapd/snap-confine
ls: cannot access '/snap/core/current/usr/lib/snapd/snap-confine': No such file or directory
+ true
+ ls -ld /snap/ubuntu-core/current/usr/lib/snapd/snap-confine
ls: cannot access '/snap/ubuntu-core/current/usr/lib/snapd/snap-confine': No such file or directory
+ true
+ ls -ld /usr/lib/snapd/snap-confine
-rwsr-xr-x 1 root root 129448 Jun 1 18:02 /usr/lib/snapd/snap-confine
+ snap list
Name Version Rev Developer Notes
core 16-2.26.4 2086 canonical -
pi2 16.04-0.17 29 canonical -
pi2-kernel 4.4.0-1055.62 31 canonical -
test-snapd-tools 1.0 x1 -
+ echo '# journal messages for snapd'
# journal messages for snapd
+ journalctl -u snapd
-- Logs begin at Fri 2017-06-02 14:47:32 UTC, end at Fri 2017-06-02 14:49:07 UTC. --
Jun 02 14:47:33 localhost.localdomain /usr/lib/snapd/snapd[7252]: daemon.go:176: DEBUG: uid=0;@ GET /v2/snaps 842.52875ms 200
Jun 02 14:47:36 localhost.localdomain /usr/lib/snapd/snapd[7252]: daemon.go:176: DEBUG: uid=0;@ POST /v2/snaps/firewall-control-consumer 2.808335524s 202
Jun 02 14:47:36 localhost.localdomain /usr/lib/snapd/snapd[7252]: taskrunner.go:367: DEBUG: Running task 84 on Do: Stop snap "firewall-control-consumer" services
Jun 02 14:47:38 localhost.localdomain /usr/lib/snapd/snapd[7252]: taskrunner.go:367: DEBUG: Running task 85 on Do: Remove aliases for snap "firewall-control-consumer"
Jun 02 14:47:39 localhost.localdomain /usr/lib/snapd/snapd[7252]: taskrunner.go:367: DEBUG: Running task 86 on Do: Make snap "firewall-control-consumer" unavailable to the system
Jun 02 14:47:40 localhost.localdomain /usr/lib/snapd/snapd[7252]: taskrunner.go:367: DEBUG: Running task 87 on Do: Remove security profile for snap "firewall-control-consumer" (x1)
Jun 02 14:47:41 localhost.localdomain /usr/lib/snapd/snapd[7252]: taskrunner.go:367: DEBUG: Running task 88 on Do: Remove data for snap "firewall-control-consumer" (x1)
Jun 02 14:47:41 localhost.localdomain /usr/lib/snapd/snapd[7252]: taskrunner.go:367: DEBUG: Running task 89 on Do: Remove snap "firewall-control-consumer" (x1) from the system
Jun 02 14:47:46 localhost.localdomain /usr/lib/snapd/snapd[7252]: taskrunner.go:367: DEBUG: Running task 90 on Do: Discard interface connections for snap "firewall-control-consumer" (x1)
Jun 02 14:47:48 localhost.localdomain systemd[1]: Stopping Snappy daemon...
Jun 02 14:47:48 localhost.localdomain snapd[7252]: 2017/06/02 14:47:48.417599 main.go:71: Exiting on terminated signal.
Jun 02 14:47:48 localhost.localdomain systemd[1]: Stopped Snappy daemon.
Jun 02 14:48:37 localhost.localdomain systemd[1]: Started Snappy daemon.
Jun 02 14:48:37 localhost.localdomain /usr/lib/snapd/snapd[7654]: daemon.go:250: DEBUG: init done in 6.142713ms
Jun 02 14:48:37 localhost.localdomain /usr/lib/snapd/snapd[7654]: daemon.go:251: started snapd/2.26.4 (series 16) ubuntu-core/16 (armhf) linux/4.4.0-1057-raspi2.
Jun 02 14:48:37 localhost.localdomain snapd[7654]: 2017/06/02 14:48:37.867543 daemon.go:251: started snapd/2.26.4 (series 16) ubuntu-core/16 (armhf) linux/4.4.0-1057-raspi2.
Jun 02 14:48:38 localhost.localdomain /usr/lib/snapd/snapd[7654]: snapmgr.go:504: DEBUG: Next refresh scheduled for 2017-06-02 23:12:20.36155687 +0000 UTC.
Jun 02 14:48:39 localhost.localdomain /usr/lib/snapd/snapd[7654]: daemon.go:176: DEBUG: uid=0;@ POST /v2/snaps 1.664386778s 202
Jun 02 14:48:39 localhost.localdomain /usr/lib/snapd/snapd[7654]: taskrunner.go:367: DEBUG: Running task 68 on Do: Prepare snap "/tmp/snapd-sideload-pkg-133728334" (unset)
Jun 02 14:48:40 localhost.localdomain /usr/lib/snapd/snapd[7654]: taskrunner.go:367: DEBUG: Running task 69 on Do: Mount snap "test-snapd-tools" (unset)
Jun 02 14:48:49 localhost.localdomain /usr/lib/snapd/snapd[7654]: taskrunner.go:367: DEBUG: Running task 70 on Do: Copy snap "test-snapd-tools" data
Jun 02 14:48:51 localhost.localdomain /usr/lib/snapd/snapd[7654]: taskrunner.go:367: DEBUG: Running task 71 on Do: Setup snap "test-snapd-tools" (unset) security profiles
Jun 02 14:49:01 localhost.localdomain /usr/lib/snapd/snapd[7654]: taskrunner.go:367: DEBUG: Running task 72 on Do: Make snap "test-snapd-tools" (unset) available to the system
Jun 02 14:49:02 localhost.localdomain /usr/lib/snapd/snapd[7654]: taskrunner.go:367: DEBUG: Running task 73 on Do: Setup snap "test-snapd-tools" (unset) security profiles (phase 2)
Jun 02 14:49:03 localhost.localdomain /usr/lib/snapd/snapd[7654]: taskrunner.go:367: DEBUG: Running task 74 on Do: Set automatic aliases for snap "test-snapd-tools"
Jun 02 14:49:03 localhost.localdomain /usr/lib/snapd/snapd[7654]: taskrunner.go:367: DEBUG: Running task 75 on Do: Setup snap "test-snapd-tools" aliases
Jun 02 14:49:04 localhost.localdomain /usr/lib/snapd/snapd[7654]: taskrunner.go:367: DEBUG: Running task 76 on Do: Start snap "test-snapd-tools" (unset) services
Jun 02 14:49:05 localhost.localdomain /usr/lib/snapd/snapd[7654]: taskrunner.go:367: DEBUG: Running task 77 on Do: Run configure hook of "test-snapd-tools" snap if present
Jun 02 14:49:06 localhost.localdomain /usr/lib/snapd/snapd[7654]: daemon.go:176: DEBUG: uid=0;@ GET /v2/snaps?snaps=test-snapd-tools 7.143287ms 200
Jun 02 14:49:07 localhost.localdomain /usr/lib/snapd/snapd[7654]: daemon.go:176: DEBUG: uid=0;@ GET /v2/snaps 17.947565ms 200
+ echo '# apparmor denials '
# apparmor denials
+ dmesg --ctime
+ grep DENIED
+ true
+ echo '# seccomp denials (kills) '
# seccomp denials (kills)
+ dmesg --ctime
+ grep type=1326
+ true
+ echo '# snap interfaces'
# snap interfaces
+ snap interfaces
Slot Plug
:account-control -
:alsa -
:autopilot-introspection -
:bluetooth-control -
:browser-support -
:camera -
:classic-support -
:core-support core:core-support-plug
:dcdbas-control -
:docker-support -
:firewall-control -
:framebuffer -
:fuse-support -
:hardware-observe -
:hardware-random-control -
:hardware-random-observe -
:home -
:io-ports-control -
:joystick -
:kernel-module-control -
:kubernetes-support -
:log-observe -
:lxd-support -
:mount-observe -
:netlink-audit -
:netlink-connector -
:network -
:network-bind -
:network-control -
:network-observe -
:network-setup-control -
:network-setup-observe -
:opengl -
:openvswitch-support -
:physical-memory-control -
:physical-memory-observe -
:ppp -
:process-control -
:raw-usb -
:removable-media -
:shutdown -
:snapd-control -
:system-observe -
:system-trace -
:time-control -
:timeserver-control -
:timezone-control -
:tpm -
:uhid -
-----