[05:18] I'm trying to determine what the security implications of connecting the system-observe interface are. Is there any documentation on what it allows specifically? I'm specifically wondering whether a confined process could use it to read /proc/$PID/mem?
[05:20] candlejack: there is no such low-level documentation but you can always use the source :) - https://github.com/canonical/snapd/blob/master/interfaces/builtin/system_observe.go#L44
[05:23] or you can experiment with an existing snap that plugs that interface https://pastebin.ubuntu.com/p/BrbrtJn8vZ/
[05:26] finally, to know exactly what changes, you can look at the apparmor profile with and without the interface connected - e.g. https://pastebin.ubuntu.com/p/Dh6YrGqB9H/
[05:31] amurray it's after midnight here, I have never messed with go in my life, and the last time I wrote apparmor profiles was 12 years ago. Lines 52-57 seem to imply that it does give access but "(assuming the associated /proc file is allowed)" on line 54 introduces ambiguity
[05:35] If I'm missing something please point it out but my read is that "trusted" should be in 20 point font and marquee tags
[06:03] I don't think you are missing the point but the comment is a bit badly worded - basically the ptrace read permission then allows reading say /proc/*/mem (or say /proc/*/stat) IF there is a rule allowing access to that file
[06:04] there is a rule allowing /proc/*/stat (line 102) so that works and is allowed, but since there is no such rule for /proc/*/mem it is denied as I demonstrated above
[15:16] Thank you very much, that makes a lot of sense!