core26 - coreutils symlink targets not covered by defaultCoreRuntimeTemplateRules #371

@fnordahl

Description

The core26 snap appears to make use of the GNU coreutils. Ubuntu Questing is moving to a default of the uutils re-implementation of coreutils in Rust, and as a side effect the GNU coreutils binaries are now behind a layer of symlinks.

The snapd defaultCoreRuntimeTemplateRules does not cover this:
https://github.com/canonical/snapd/blob/44ef02278af92d3961fe6d8cedf8a4533f5aa53d/interfaces/apparmor/template.go#L507-L676

and as a consequence binaries/scripts with a core26 base are currently not able to execute coreutils tools such as mkdir and readlink.

Log excerpt:

apparmor="DENIED" operation="exec" class="file" profile="snap.microovn.switch" name="/usr/bin/gnumkdir" pid=1328 comm="switch.start" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
apparmor="DENIED" operation="exec" class="file" profile="snap.microovn.switch" name="/usr/bin/gnumkdir" pid=1328 comm="switch.start" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
apparmor="DENIED" operation="exec" class="file" profile="snap.microovn.switch" name="/usr/bin/gnumkdir" pid=1391 comm="switch.start" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
apparmor="DENIED" operation="exec" class="file" profile="snap.microovn.switch" name="/usr/bin/gnumkdir" pid=1391 comm="switch.start" requested_mask="x" denied_mask="x" fsuid=0 ouid=0

apparmor="DENIED" operation="exec" class="file" profile="snap.microovn.ovn-ovsdb-server-nb" name="/usr/bin/gnureadlink" pid=1427 comm="ovn-ctl" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
apparmor="DENIED" operation="exec" class="file" profile="snap.microovn.ovn-ovsdb-server-nb" name="/usr/bin/gnureadlink" pid=1427 comm="ovn-ctl" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
# ls -l /snap/core26/current/bin/mkdir /snap/core26/current/bin/gnumkdir
-rwxr-xr-x 1 root root 68192 May  8 09:06 /snap/core26/current/bin/gnumkdir
lrwxrwxrwx 1 root root     8 Aug 26 11:28 /snap/core26/current/bin/mkdir -> gnumkdir
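Added example, not part of the issue and not snapd's code: a small checker that models the failure mode reported above. AppArmor mediates the resolved path of an exec, so a rule that matches `/usr/bin/mkdir` does nothing for `/usr/bin/gnumkdir` once `mkdir` becomes a symlink. The script parses a constructed stand-in for the template's exec rules (the real defaultCoreRuntimeTemplateRules are not reproduced here), resolves a constructed symlink map modelled on the `ls -l` output, lists the symlink targets the rules leave uncovered, renders the extra rules in the template's syntax, and re-checks the denial lines quoted in the issue against the extended rule set. The rule set, the symlink map and the glob-to-regex translation are all simplifications and assumptions made for this example.

```python
import posixpath
import re

# Constructed stand-in for the exec rules in snapd's defaultCoreRuntimeTemplateRules
# (NOT the real template): AppArmor path glob, a mode such as "ixr", trailing comma.
CONSTRUCTED_TEMPLATE_RULES = """
/{,usr/}bin/mkdir ixr,
/{,usr/}bin/readlink ixr,
/{,usr/}bin/{ba,da,}sh ixr,
"""

# Constructed symlink layout modelled on the `ls -l` in the issue (mkdir -> gnumkdir),
# plus one link whose target the rules already cover (sh -> dash) for contrast.
CONSTRUCTED_SYMLINKS = {
    "/usr/bin/mkdir": "gnumkdir",
    "/usr/bin/readlink": "gnureadlink",
    "/usr/bin/sh": "dash",
}

# Constructed log lines, one per distinct denial quoted in the issue.
CONSTRUCTED_LOG = [
    'apparmor="DENIED" operation="exec" class="file" profile="snap.microovn.switch" '
    'name="/usr/bin/gnumkdir" pid=1328 comm="switch.start" requested_mask="x" '
    'denied_mask="x" fsuid=0 ouid=0',
    'apparmor="DENIED" operation="exec" class="file" profile="snap.microovn.ovn-ovsdb-server-nb" '
    'name="/usr/bin/gnureadlink" pid=1427 comm="ovn-ctl" requested_mask="x" '
    'denied_mask="x" fsuid=0 ouid=0',
]


def apparmor_glob_to_regex(glob: str) -> re.Pattern:
    # AppArmor globbing: '*' stops at '/', '**' does not, '?' is one char and
    # '{a,b}' is alternation (nesting allowed). Character classes are not modelled,
    # and a ',' outside braces is not expected in a rule path.
    simple = {"**": ".*", "*": "[^/]*", "?": "[^/]", "{": "(?:", "}": ")", ",": "|"}
    out = []
    for tok in re.findall(r"\*\*|[*?{},]|[^*?{},]+", glob):
        out.append(simple.get(tok) or re.escape(tok))
    return re.compile("^" + "".join(out) + "$")


def parse_rules(text: str) -> list:
    # -> [(compiled_glob, mode), ...]; comments and blank lines are skipped.
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().rstrip(",")
        if line:
            path, mode = line.split()
            rules.append((apparmor_glob_to_regex(path), mode))
    return rules


def exec_allowed(rules: list, path: str) -> bool:
    # Any matching rule whose mode carries an execute flag (ix, Px, Cx, Ux, ...).
    return any("x" in mode.lower() and rx.match(path) for rx, mode in rules)


def resolve_symlink(path: str, symlinks: dict, max_hops: int = 40) -> str:
    # Follows the final component only (directory symlinks such as /bin -> usr/bin
    # are not modelled); relative targets resolve against the link's directory.
    for _ in range(max_hops):
        if path not in symlinks:
            return path
        target = symlinks[path]
        if not target.startswith("/"):
            target = posixpath.normpath(posixpath.join(posixpath.dirname(path), target))
        path = target
    raise RuntimeError(f"symlink loop while resolving {path}")


def missing_exec_targets(rules: list, symlinks: dict) -> list:
    # The gap in the issue: the link is allowed but what it resolves to is not.
    # AppArmor mediates the resolved path, so the target needs its own rule.
    out = []
    for link in sorted(symlinks):
        target = resolve_symlink(link, symlinks)
        if exec_allowed(rules, link) and not exec_allowed(rules, target):
            out.append(target)
    return out


def suggest_rules(targets: list, mode: str = "ixr") -> str:
    # Extra rule lines in the template's own syntax, ready to append.
    return "".join(f"{t} {mode},\n" for t in targets)


def uncovered_exec_denials(rules: list, log_lines: list) -> list:
    # Distinct paths from DENIED exec log lines that the rule set does not allow.
    names = set()
    for line in log_lines:
        f = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}
        if f.get("apparmor") == "DENIED" and f.get("operation") == "exec":
            if "x" in f.get("requested_mask", "") and not exec_allowed(rules, f["name"]):
                names.add(f["name"])
    return sorted(names)


BASE_RULES = parse_rules(CONSTRUCTED_TEMPLATE_RULES)
GAP = missing_exec_targets(BASE_RULES, CONSTRUCTED_SYMLINKS)
FIXED_RULES = parse_rules(CONSTRUCTED_TEMPLATE_RULES + suggest_rules(GAP))
```

Against the constructed data, `GAP` lists `/usr/bin/gnumkdir` and `/usr/bin/gnureadlink`, the quoted denials are uncovered under `BASE_RULES` and covered under `FIXED_RULES`, and `sh -> dash` is correctly left alone. Pointing the same checks at a real base snap would mean replacing `CONSTRUCTED_SYMLINKS` with `os.readlink` results over the snap's `bin` and `usr/bin`, and the regex translation is deliberately minimal (no character classes, no AppArmor variable expansion).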
