Ubuntu Pastebin

Paste from kyrofa at Wed, 24 Aug 2016 13:31:49 +0000

diff --git a/interfaces/apparmor/template.go b/interfaces/apparmor/template.go
index 66eef59..76e585a 100644
--- a/interfaces/apparmor/template.go
+++ b/interfaces/apparmor/template.go
@@ -192,6 +192,11 @@ var defaultTemplate = []byte(`
   /usr/bin/ r,
   /usr/share/distro-info/*.csv r,
 
+  # snapctl
+  /usr/bin/snapctl ixr,
+  /proc/sys/net/core/somaxconn r,
+  /run/snapd-public.socket rw,
+
   # Note: for now, don't explicitly deny this noisy denial so --devmode isn't
   # broken but eventually we may conditionally deny this since it is an
   # information leak.
diff --git a/interfaces/seccomp/template.go b/interfaces/seccomp/template.go
index 25c2354..fefef29 100644
--- a/interfaces/seccomp/template.go
+++ b/interfaces/seccomp/template.go
@@ -397,6 +397,11 @@ sigwaitinfo
 socket
 connect
 
+# needed by snapctl
+setsockopt
+getsockname
+getpeername
Download as text