- ~$ diff /etc/apparmor.d/usr.lib.snapd.snap-confine.real usr.lib.snapd.snap-confine.real.OJM
- 157,166d156
- < # For mounting base dir by dir (write dirs and mount on them)
- < /tmp/snap.rootfs_** rw,
- < mount options=(remount ro) -> /tmp/snap.rootfs_*/,
- < mount options=(rw rbind) /snap/*/*/**/ -> /tmp/snap.rootfs_**/,
- < # For mounting individual files
- < mount options=(rw bind) /snap/*/*/** -> /tmp/snap.rootfs_*/**,
- < mount options=(rw rslave) -> /tmp/snap.rootfs_**/,
- < # Allow mounting dirs from /
- < mount options=(rw rbind) /*/ -> /tmp/snap.rootfs_**/,
- <
- 175d164
- < mount fstype=tmpfs none -> /tmp/snap.rootfs_*/,
- 296,297c285
- < # For dir on dir mounts, we do need write permissions in /var though
- < audit deny /tmp/snap.rootfs_*/{var/lib/,var/lib/snapd/,var/lib/snapd/hostfs/} w,
- ---
- > audit deny /tmp/snap.rootfs_*/{var/,var/lib/,var/lib/snapd/,var/lib/snapd/hostfs/} w,
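Review bot: The `<` side of `296,297c285` drops `var/` from the `audit deny /tmp/snap.rootfs_*/{...} w,` list, and because the left-hand file is the installed `/etc/apparmor.d/` copy, that relaxed rule is presumably the one actually loaded; the page does not say which file is the original, so confirm the direction before reading this as a tightening. Taken with `/tmp/snap.rootfs_** rw,` and `mount options=(rw rbind) /*/ -> /tmp/snap.rootfs_**/,` from `157,166d156`, the installed copy lets snap-confine write across the scratch rootfs and rbind any top-level host directory into it, while the deny list covers only the three `var/lib` paths. If the relaxation is intended, I would narrow the source glob `/*/` to the directories that are really needed and extend the existing comment to `# var/ is left out of this deny so it can be created as a mount point; the var/lib paths stay denied`. The rest of the profile is outside this diff, so other rules may already constrain these mounts.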