如何绕过 `apparmor="DENIED" operation="open"`?

tag-icon tag-icon 20.04 apparmor slack
如何绕过 `apparmor="DENIED" operation="open"`?

我已在20.04 上升级slack(v4.27.154) ,但无法运行。我尝试卸载并重新安装,但无济于事。我从未弄乱过任何一个。snapslackapparmor

尝试启动 slack 后,我在日志应用程序中看到以下消息。

audit: type=1400 audit(1656462082.516:35): apparmor="DENIED" operation="open" profile="snap.slack.slack" name="/etc/slack.conf" pid=4493 comm="slack" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

这似乎是apparmor。所以我看到以下内容:

$ sudo aa-status
[sudo] password for me: 
apparmor module is loaded.
25 profiles are loaded.
25 profiles are in enforce mode.
   /snap/core/13308/usr/lib/snapd/snap-confine
   /snap/core/13308/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
   /snap/snapd/15904/usr/lib/snapd/snap-confine
   /snap/snapd/15904/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
   /snap/snapd/16010/usr/lib/snapd/snap-confine
   /snap/snapd/16010/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
   docker-default
   snap-update-ns.core
   snap-update-ns.gnome-system-monitor
   snap-update-ns.mattermost-desktop
   snap-update-ns.slack
   snap-update-ns.snap-store
   snap-update-ns.teams-for-linux
   snap.core.hook.configure
   snap.gnome-system-monitor.gnome-system-monitor
   snap.gnome-system-monitor.hook.configure
   snap.mattermost-desktop.hook.configure
   snap.mattermost-desktop.mattermost-desktop
   snap.slack.hook.configure
   snap.slack.slack
   snap.snap-store.hook.configure
   snap.snap-store.snap-store
   snap.snap-store.ubuntu-software
   snap.snap-store.ubuntu-software-local-file
   snap.teams-for-linux.teams-for-linux
0 profiles are in complain mode.
6 processes have profiles defined.
6 processes are in enforce mode.
   /snap/slack/63/usr/lib/slack/slack (4493) snap.slack.slack
   /snap/slack/63/usr/lib/slack/slack (4497) snap.slack.slack
   /snap/slack/63/usr/lib/slack/slack (4498) snap.slack.slack
   /snap/slack/63/usr/lib/slack/slack (4605) snap.slack.slack
   /snap/slack/63/usr/lib/slack/slack (4615) snap.slack.slack
   /snap/snap-store/558/usr/bin/snap-store (3668) snap.snap-store.ubuntu-software
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.

搜索snap.slack.slack文件后(我认为我可以将其添加到禁用目录),我只找到以下文件:

/sys/fs/cgroup/devices/snap.slack.slack
/var/cache/apparmor/26b63962.0/snap.slack.slack
/var/lib/snapd/apparmor/profiles/snap.slack.slack

/etc/apparmor.d但中没有文件snap.slack.slack

有人有想法吗?

答案1

我对相同的 slack 和 Ubuntu 版本也遇到了同样的问题。

目前,我已将 slack 快速恢复到 4.26.1 版本,并且 slack 可以再次运行。

我对新旧 /var/lib/snapd/apparmor/profiles/snap.slack.slack 配置文件进行了比较,它们是相同的(SNAP_REVISION 除外)。

我找不到任何关于 /etc/slack.conf 访问 snap.slack.slack 配置文件的提及。

我在 /etc/ 中有一个 slack.conf 文件,但它与另一个 slack 应用程序相关: slack - 系统管理员的惰性自动配置工具包

相关内容