Title: Upgrade from PPA to snap Post by: SuperSerj on January 09, 2020, 01:54:20 AM So, I noticed the PPA is no longer being updated.
I uninstalled the PPA and installed the snap. apparmor seems to be killing me... apparmor="DENIED" operation="mknod" profile="snap.bitcoin-core.qt" name="/home/serj/Bitcoin/7ffb-ef67-01f7-0640" pid=22511 comm="bitcoin-qt" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 What is more; I do not see an apparmor profile called snap.bitcoin-core.qt anywhere. Thoughts? More info below: serj@serj-ubuntu:~$ uname -a Linux serj-ubuntu 5.3.0-24-generic #26-Ubuntu SMP Thu Nov 14 01:33:18 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux serj@serj-ubuntu:~$ cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=19.10 DISTRIB_CODENAME=eoan DISTRIB_DESCRIPTION="Ubuntu 19.10" serj@serj-ubuntu:~$ snap info bitcoin-core name: bitcoin-core summary: peer-to-peer network based digital currency publisher: Bitcoin Core contact: https://github.com/bitcoin-core/packaging/issues/new?title=snap: license: unset description: | Bitcoin is a free open source peer-to-peer electronic cash system that is completely decentralized, without the need for a central server or trusted parties. Users hold the crypto keys to their own money and transact directly with each other, with the help of a P2P network to check for double-spending. commands: - bitcoin-core.cli - bitcoin-core.daemon - bitcoin-core.qt snap-id: lGr3hNoqLtHTp2yV1BgnqyElQtLUDPeA tracking: stable refresh-date: today at 09:58 NZDT channels: stable: 0.19.0.1 2019-11-24 (54) 106MB - candidate: ↑ beta: ↑ edge: 0.19.0.1 2019-11-24 (54) 106MB - 0.19/stable: 0.19.0.1 2019-11-25 (60) 106MB - 0.19/candidate: ↑ 0.19/beta: ↑ 0.19/edge: 0.19.0.1 2019-11-25 (60) 106MB - 0.18/stable: 0.18.1 2019-08-09 (50) 107MB - 0.18/candidate: ↑ 0.18/beta: ↑ 0.18/edge: 0.18.1 2019-08-09 (50) 107MB - 0.17/stable: 0.17.1 2019-08-08 (42) 106MB - 0.17/candidate: ↑ 0.17/beta: ↑ 0.17/edge: 0.17.1 2019-08-08 (42) 106MB - installed: 0.19.0.1 (54) 106MB - serj@serj-ubuntu:~$ bitcoin-core.qt Error: Cannot write to data directory '/home/serj/Bitcoin'; check permissions. serj@serj-ubuntu:~$ tail /var/log/kern.log Jan 9 14:42:11 serj-ubuntu kernel: [313980.271639] audit: type=1400 audit(1578534131.921:160): apparmor="DENIED" operation="open" profile="snap.bitcoin-core.qt" name="/home/serj/Documents/" pid=22585 comm="head" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Jan 9 14:42:12 serj-ubuntu kernel: [313981.273808] audit: type=1400 audit(1578534132.921:161): apparmor="DENIED" operation="open" profile="snap.bitcoin-core.qt" name="/home/serj/Bitcoin/bitcoin.conf" pid=22511 comm="bitcoin-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Jan 9 14:42:13 serj-ubuntu kernel: [313981.386697] audit: type=1400 audit(1578534133.037:162): apparmor="DENIED" operation="open" profile="snap.bitcoin-core.qt" name="/home/serj/.local/share/font-manager/Library/" pid=22511 comm="bitcoin-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Jan 9 14:42:13 serj-ubuntu kernel: [313981.387010] audit: type=1400 audit(1578534133.037:163): apparmor="DENIED" operation="open" profile="snap.bitcoin-core.qt" name="/home/serj/.local/share/font-manager/Library/" pid=22511 comm="bitcoin-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Jan 9 14:42:13 serj-ubuntu kernel: [313981.387019] audit: type=1400 audit(1578534133.037:164): apparmor="DENIED" operation="open" profile="snap.bitcoin-core.qt" name="/home/serj/.local/share/font-manager/Library/" pid=22511 comm="bitcoin-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Jan 9 14:42:14 serj-ubuntu kernel: [313982.421506] audit: type=1400 audit(1578534134.069:165): apparmor="DENIED" operation="mknod" profile="snap.bitcoin-core.qt" name="/home/serj/Bitcoin/7ffb-ef67-01f7-0640" pid=22511 comm="bitcoin-qt" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 Title: Re: Upgrade from PPA to snap Post by: SuperSerj on January 15, 2020, 10:22:10 AM No response after 5 days? It looks like I'm asking this in the wrong place.
Where would you guys suggest I can find some technical people to get some advice about this? Title: Re: Upgrade from PPA to snap Post by: hendra147 on January 16, 2020, 03:43:09 PM im never using apparmor, and i can't identify your problem but i want to ask about this
Quote Error: Cannot write to data directory '/home/serj/Bitcoin'; check permissions. do you have change the permmission? maybe like chmod or something else? and you are use "Ubuntu 19.10" , i can;t says this release is stable, better you downgrade to 18.04 or 16.04 Title: Re: Upgrade from PPA to snap Post by: SuperSerj on January 18, 2020, 10:12:55 AM Yea... The permissions are fine... It's apparmor denying bitcoin permission
Title: Re: Upgrade from PPA to snap Post by: QuantumLogic on May 22, 2020, 05:14:51 PM I've been looking at this. At first I thought, OK, let's just add the non-standard path to the apparmor file (which by the way is /var/lib/snapd/apparmor/profiles/snap.bitcoin-core.qt)...
But what's curious here is that the operation being denied isn't reading or writing those files. It's "mknod" - creating a device file. That's super strange. What's bitcoin-qt doing that for? Then I went looking for where in the source code a mknod is being performed. Only "mknod" does not occur anywhere in the bitcoin sources. Or in the bitcoin-core-snap packaging. Fine, perhaps there's a legit reason for this, and perhaps bitcoin-qt is calling something that calls mknod... but why?? Why create a device file? That's odd behavior for a program that doesn't deal with hardware devices. I can hardly find any hits on google on anyone even looking at the snap at all, let alone thinking about this issue. There was this: https://twitter.com/rusty_twit/status/1201368196608999424 - made me chuckle, but no solution of course. Does anyone have any ideas? Title: Re: Upgrade from PPA to snap Post by: bob123 on May 22, 2020, 05:29:20 PM serj@serj-ubuntu:~$ tail /var/log/kern.log Jan 9 14:42:11 serj-ubuntu kernel: [313980.271639] audit: type=1400 audit(1578534131.921:160): apparmor="DENIED" operation="open" profile="snap.bitcoin-core.qt" name="/home/serj/Documents/" pid=22585 comm="head" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Jan 9 14:42:12 serj-ubuntu kernel: [313981.273808] audit: type=1400 audit(1578534132.921:161): apparmor="DENIED" operation="open" profile="snap.bitcoin-core.qt" name="/home/serj/Bitcoin/bitcoin.conf" pid=22511 comm="bitcoin-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Jan 9 14:42:13 serj-ubuntu kernel: [313981.386697] audit: type=1400 audit(1578534133.037:162): apparmor="DENIED" operation="open" profile="snap.bitcoin-core.qt" name="/home/serj/.local/share/font-manager/Library/" pid=22511 comm="bitcoin-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Jan 9 14:42:13 serj-ubuntu kernel: [313981.387010] audit: type=1400 audit(1578534133.037:163): apparmor="DENIED" operation="open" profile="snap.bitcoin-core.qt" name="/home/serj/.local/share/font-manager/Library/" pid=22511 comm="bitcoin-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Jan 9 14:42:13 serj-ubuntu kernel: [313981.387019] audit: type=1400 audit(1578534133.037:164): apparmor="DENIED" operation="open" profile="snap.bitcoin-core.qt" name="/home/serj/.local/share/font-manager/Library/" pid=22511 comm="bitcoin-qt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Jan 9 14:42:14 serj-ubuntu kernel: [313982.421506] audit: type=1400 audit(1578534134.069:165): apparmor="DENIED" operation="mknod" profile="snap.bitcoin-core.qt" name="/home/serj/Bitcoin/7ffb-ef67-01f7-0640" pid=22511 comm="bitcoin-qt" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 [/tt] It seems like the apparmor profile has to be adjusted. You need to allow access to the following in your apparmor profile: Code: /home/serj/Documents/ operation="open" => read permission operation="mknod" => write permission Can you confirm the profile does indeed cover the necessary permissions and paths ? Title: Re: Upgrade from PPA to snap Post by: QuantumLogic on May 22, 2020, 05:32:04 PM Why is bitcoin-qt performing a mknod? And why doesn't "mknod" appear in the sources for bitcoin-qt or its packaging?
Title: Re: Upgrade from PPA to snap Post by: andypiziali on February 28, 2021, 11:46:27 PM Serj, I have the same problem with bitcoin-core polluting /var/log/syslog with AppArmor messages (see below). Have you learned what modifications are required to the AppArmor configuration to give bitcoin-core access to these various /proc resources? Thanks!
---------- ... Feb 28 16:43:24 elijah kernel: [ 2591.097883] audit: type=1400 audit(1614555804.182:333): apparmor="DENIED" operation="open" profile="snap.bitcoin-core.qt" name="/proc/schedstat" pid=3248 comm="b-scheduler" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Feb 28 16:43:24 elijah kernel: [ 2591.097886] audit: type=1400 audit(1614555804.182:334): apparmor="DENIED" operation="open" profile="snap.bitcoin-core.qt" name="/proc/zoneinfo" pid=3248 comm="b-scheduler" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Feb 28 16:43:24 elijah kernel: [ 2591.097993] audit: type=1400 audit(1614555804.182:335): apparmor="DENIED" operation="open" profile="snap.bitcoin-core.qt" name="/proc/softirqs" pid=3248 comm="b-scheduler" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Feb 28 16:43:24 elijah kernel: [ 2591.098084] audit: type=1400 audit(1614555804.182:336): apparmor="DENIED" operation="open" profile="snap.bitcoin-core.qt" name="/proc/3248/schedstat" pid=3248 comm="b-scheduler" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Feb 28 16:44:24 elijah kernel: [ 2651.108811] audit: type=1400 audit(1614555864.194:337): apparmor="DENIED" operation="open" profile="snap.bitcoin-core.qt" name="/proc/diskstats" pid=3248 comm="b-scheduler" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Feb 28 16:44:24 elijah kernel: [ 2651.108819] audit: type=1400 audit(1614555864.194:338): apparmor="DENIED" operation="open" profile="snap.bitcoin-core.qt" name="/proc/vmstat" pid=3248 comm="b-scheduler" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Feb 28 16:44:24 elijah kernel: [ 2651.108824] audit: type=1400 audit(1614555864.194:339): apparmor="DENIED" operation="open" profile="snap.bitcoin-core.qt" name="/proc/schedstat" pid=3248 comm="b-scheduler" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Feb 28 16:44:24 elijah kernel: [ 2651.108829] audit: type=1400 audit(1614555864.194:340): apparmor="DENIED" operation="open" profile="snap.bitcoin-core.qt" name="/proc/zoneinfo" pid=3248 comm="b-scheduler" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Feb 28 16:44:24 elijah kernel: [ 2651.108939] audit: type=1400 audit(1614555864.194:341): apparmor="DENIED" operation="open" profile="snap.bitcoin-core.qt" name="/proc/softirqs" pid=3248 comm="b-scheduler" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Feb 28 16:44:24 elijah kernel: [ 2651.109075] audit: type=1400 audit(1614555864.194:342): apparmor="DENIED" operation="open" profile="snap.bitcoin-core.qt" name="/proc/3248/schedstat" pid=3248 comm="b-scheduler" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 ... ---------- Title: Re: Upgrade from PPA to snap Post by: DiLuvio on March 01, 2021, 02:50:22 PM AppArmor provides /etc/apparmor.d/local/ for rules to add to the main ones. (Although this can't be used to override an explicit deny like tcpdump's ban on using files in $HOME/bin.) We just need to add a rule for the *.gz, and while we're there, why not the *.bz2 version as well?
Code: /**.[pP][cC][aA][pP].[gG][zZ] rw, Ubuntu ships some files in the local directory already; we should be able to run Code: sudo -e /etc/apparmor.d/local/usr.sbin.tcpdump Code: sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.tcpdump locate your core in usr/src/ use sudo commands and should be fine |