
cannot create mount point for file /tmp/snap.rootfs_

Open scott-mackenzie opened this issue 9 months ago • 1 comments

snap --version

snap    2.62+22.04
snapd   2.62+22.04
series  16
ubuntu  22.04
kernel  6.5.0-1020-aws

Attempting to start snap package:

~# ssh-audit version
cannot create mount point for file "/tmp/snap.rootfs_ttB1w4/README.md": Permission denied

Contents of /tmp/

ls -l /tmp/

total 84
drwx------ 2 root root 4096 May 19 10:24 snap-private-tmp
drwx------ 2 root root 4096 May 19 10:30 snap.rootfs_1P4Kmn
drwx------ 2 root root 4096 May 19 10:24 snap.rootfs_DiD5AX
drwx------ 2 root root 4096 May 19 10:24 snap.rootfs_Jjr3EU
drwx------ 2 root root 4096 May 19 10:33 snap.rootfs_LEA0ic
drwx------ 2 root root 4096 May 19 10:25 snap.rootfs_LqTJvt
drwx------ 2 root root 4096 May 19 10:40 snap.rootfs_Pfd36j
drwx------ 2 root root 4096 May 19 10:35 snap.rootfs_QGPUKe
drwx------ 2 root root 4096 May 19 10:44 snap.rootfs_QZaClr
drwx------ 2 root root 4096 May 19 10:24 snap.rootfs_QZjfkv
drwx------ 2 root root 4096 May 19 10:25 snap.rootfs_Qdv2Cj
drwx------ 2 root root 4096 May 19 10:24 snap.rootfs_UyxaGE
drwx------ 2 root root 4096 May 19 10:24 snap.rootfs_WcgzpB
drwx------ 2 root root 4096 May 19 10:29 snap.rootfs_a6X4fm
drwx------ 2 root root 4096 May 19 10:24 snap.rootfs_cZVQlD
drwx------ 2 root root 4096 May 19 10:32 snap.rootfs_o1qFYW
drwx------ 2 root root 4096 May 19 11:46 snap.rootfs_ttB1w4
drwx------ 2 root root 4096 May 19 11:23 snap.rootfs_xoAXG6

~# sudo aa-status |grep snapd
/snap/core/16928/usr/lib/snapd/snap-confine
/snap/core/16928/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/snap/snapd/21184/usr/lib/snapd/snap-confine
/snap/snapd/21184/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/snap/snapd/21465/usr/lib/snapd/snap-confine
/snap/snapd/21465/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/usr/lib/snapd/snap-confine
/usr/lib/snapd/snap-confine//mount-namespace-capture-helper

dmesg | grep DENIED

Returns no data (empty).

snap debug confinement

strict

Other snap packages seem to be working, but a fresh install does not work for ssh-audit: https://github.com/jtesta/ssh-audit

The server is hardened to CIS Level 2 standard.

Anyone come across this before?

scott-mackenzie, May 19 '24 16:05