interfaces: Add /sys/kernel/tracing to system-trace

Systemd has mounted tracefs under /sys/kernel/tracing since version
245 [0].  Simultaneously, the kernel started at version 4.1 to
automount /sys/kernel/debug/tracing on access for backwards
compatibiliy.

The builtin system-trace currently only allows the old path.

Applications exist who will assume /sys/kernel/tracing as the
preferred location, only to fall back to /sys/kernel/debug/tracing
if the path does not exist.

Currently said applications will fail to work in snaps, because they
will find /sys/kernel/tracing to exist only to fail later in
execution when trying to access contents of files within.

0: systemd/systemd@aaaf42cb44d4
Signed-off-by: Frode Nordahl <[email protected]>

Author: fnordahl

interfaces/builtin/system_trace.go

@@ -45,6 +45,9 @@ const systemTraceConnectedPlugAppArmor = `
   /sys/kernel/debug/tracing/ r,
   /sys/kernel/debug/tracing/** rw,
 
+  /sys/kernel/tracing/ r,
+  /sys/kernel/tracing/** rw,
+
   # Access to kernel headers required for iovisor/bcc. This is typically
   # detected with 'ls -l /lib/modules/$(uname -r)/build/' which is a symlink
   # to /usr/src on Ubuntu and so only /usr/src is needed.

interfaces/builtin/system_trace_test.go

@@ -79,6 +79,7 @@ func (s *SystemTraceInterfaceSuite) TestUsedSecuritySystems(c *C) {
 	c.Assert(err, IsNil)
 	c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.other.app"})
 	c.Check(apparmorSpec.SnippetForTag("snap.other.app"), testutil.Contains, "/sys/kernel/debug/tracing/ r,")
+	c.Check(apparmorSpec.SnippetForTag("snap.other.app"), testutil.Contains, "/sys/kernel/tracing/ r,")
 }
 
 func (s *SystemTraceInterfaceSuite) TestInterfaces(c *C) {