kernel-packages team mailing list archive

Thread
Date

[Bug 1562989] [NEW] 'aa_change_onexec failed with -1. errmsg: Permission denied'

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1562989@xxxxxxxxxxxxxxxxxx>
Date: Mon, 28 Mar 2016 19:56:21 -0000
Reply-to: Bug 1562989 <1562989@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

You have been subscribed to a public bug:

$ sudo snappy install ubuntu-clock-app.ubuntucore-dev
$ ubuntu-clock-app.clock
aa_change_onexec failed with -1. errmsg: Permission denied
[1]

Downgrading to ubuntu-core-launcher doesn't help the clock app get past
this failure.

The hello-world app works ok (it needs ubuntu-core-launcher 1.0.20 since it gets past the above error and the launcher needs to account for NO_NEW_PRIVS):
$ hello-world.env |grep SNAP=
SNAP=/snaps/hello-world.canonical/6.0

$ sudo /snaps/bin/hello-world.env |grep SNAP=
SNAP=/snaps/hello-world.canonical/6.0

cap-test.mvo doesn't have this problem either:
$ sudo snappy install cap-test.mvo
$ cap-test.xbomb

If I disable the apparmor profile with: sudo apparmor_parser -R
/etc/apparmor.d/usr.bin.ubuntu-core-launcher then the app will launch.

Downgrading to the -13 kernel resolves the issue:
$ cat /proc/version_signature 
Ubuntu 4.4.0-13.29-generic 4.4.5

** Affects: linux (Ubuntu)
     Importance: Critical
     Assignee: Tyler Hicks (tyhicks)
         Status: Confirmed

-- 
'aa_change_onexec failed with -1. errmsg: Permission denied'
https://bugs.launchpad.net/bugs/1562989
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu.