[14:45] Hello. Since snapd v2.63 my journalctl is flooded by SECCOMP violations. I don't know how to avoid each syscall to kernel space adding an entry to journalctl. Any help would be appreciated
[14:47] Guest53: can you provide any more details?
[15:01] Sure !
[15:01] here's what snappy-debug returns
[15:02] ``` = Seccomp =
[15:02] Time: Jul 30 15:00:49
[15:02] Log: auid=4294967295 uid=0 gid=0 ses=4294967295 pid=1310 comm="MapperNode" exe="myapp" sig=0 arch=c00000b7 64(write) compat=0 ip=0xffff8c4539bc code=0x7ffc0000
[15:02] Syscall: write
[15:05] It looks like since the 2.63 version of snapd, plugs and interfaces of each of myapp trigger a syscall that is caught by the kauditd daemon, whereas in the previous version it was not the case
[15:07] if this is related to snapd shouldn't myapp be named snap.myapp at least?
[15:12] I can't show the real path of myapp due to industrial property I can't share, but you are right, the path starts with /snap/path_to_my_app
[15:13] the app is mainly a ROS application
[15:17] ah righto - can you share what interfaces the snap is using?
[15:29] sorry it took me time to obfuscate:
[15:30] Interface Plug Slot Notes
[15:30] can-bus can-utils:can-bus :can-bus manual
[15:30] can-bus myapp-core:can-bus :can-bus manual
[15:30] content[configuration] myapp-XX:cfg myapp-core:cfg manual
[15:30] content[configuration] myapp-YY:cfg myapp-core:cfg manual
[15:30] content[statics] myapp-core:control-center myapp-control:control manual
[15:30] content[librairies] myapp-core:lib myapp-AC:lib manual
[15:30] content[librairies] myapp-core:lib myapp-AP:lib manual
[15:30] content[librairies] myapp-core:lib myapp-platform:lib manual
[15:30] content[librairies] myapp-core:lib myapp-RP:lib manual
[15:30] content[librairies] myapp-core:lib myapp-SI:lib manual
[15:30] content[librairies] myapp-core:lib myapp-SP:lib manual
[15:30] content[librairies] myapp-core:lib myapp-WS:lib manual
[15:30] content[statics] myapp-core:MC myapp-MH:myapp-MH manual
[15:30] content[packages] myapp-core:pkg myapp-AC:pkg manual
[15:30] content[packages] myapp-core:pkg myapp-AP:pkg manual
[15:30] content[packages] myapp-core:pkg myapp-PF:pkg manual
[15:30] content[packages] myapp-core:pkg myapp-RP:pkg manual
[15:30] network myapp-timesync:network :network -
[15:30] network-bind can-utils:network-bind :network-bind -
[15:30] network-bind myapp-core:network-bind :network-bind -
[15:30] network-bind myapp-PF:network-bind :network-bind -
[15:30] network-bind myapp-RP:network-bind :network-bind -
[15:30] network-bind myapp-SP:network-bind :network-bind -
[15:30] network-bind myapp-timesync:network-bind :network-bind -
[15:30] shutdown myapp-core:shutdown :shutdown manual
[15:30] snapd-control myapp-core:snapd-control :snapd-control manual
[15:30] system-files myapp-core:netplan-setup :system-files manual
[15:30] system-observe myapp-core:system-observe :system-observe manual
[15:30] system-observe snappy-debug:system-observe :system-observe -
[15:30] time-control myapp-core:time-control :time-control manual
[15:30] time-control myapp-timesync:time-control :time-control manual
[15:30] timeserver-control myapp-core:timeserver-control :timeserver-control manual
[15:30] timeserver-control myapp-timesync:timeserver-control :timeserver-control manual
[15:30] timezone-control myapp-core:timezone-control :timezone-control manual
[15:30] timezone-control myapp-timesync:timezone-control :timezone-control manual
[15:47] amurray, do you think I should connect all "faulty" snaps to system-files?
[15:49] oh wow that is a lot - so I am still a bit baffled by this - in general the base seccomp profile for snapd allows the write syscall - https://github.com/canonical/snapd/blob/master/interfaces/seccomp/template.go#L593
[15:50] so this shouldn't be happening
[15:50] oh you're not here anymore...