group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1612291] Re: cannot create $SNAP_USER_DATA when using ecryptfs and sudo

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1612291@xxxxxxxxxxxxxxxxxx>
Date: Wed, 24 Aug 2016 13:46:17 -0000
Reply-to: Bug 1612291 <1612291@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package snap-confine - 1.0.38-0ubuntu0.16.04.8

---------------
snap-confine (1.0.38-0ubuntu0.16.04.8) xenial; urgency=medium

  * debian/patches/04_not_die_unknown_locations.patch:
    - move to /tmp if the current location can not be preserved
      (LP: #1612684)

snap-confine (1.0.38-0ubuntu0.16.04.7) xenial; urgency=medium

  * fix apparmor rules when a snap is run on new-style encrypted
    home with sudo (LP: #1612291)

snap-confine (1.0.38-0ubuntu0.16.04.6) xenial; urgency=medium

  * fix apparmor rules when a snap is run on encrypted home
    with sudo (LP: #1612291)

snap-confine (1.0.38-0ubuntu0.16.04.5) xenial; urgency=medium

  * 03_fix_snap_user_data_regression.patch:
    - fix regression in autopkgtest with snap-confine when the
      SNAP_USER_DATA directory is not created for services
      (LP: #1612120)

 -- Michael Vogt <michael.vogt@xxxxxxxxxx>  Fri, 12 Aug 2016 16:45:17
+0200

** Changed in: snap-confine (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1612291

Title:
  cannot create $SNAP_USER_DATA when using ecryptfs and sudo

Status in Snappy Launcher:
  Fix Released
Status in snap-confine package in Ubuntu:
  Fix Released
Status in snap-confine source package in Xenial:
  Fix Released

Bug description:
  Because of the two apparmor rules on snap-confine, attempts to create
  user data directory from snap-confine will fail when the user is using
  new-style encrypted home directory and sudo to start a snap.

  TEST CASE:
  1. sudo adduser --encrypt-home test-encrypted
  2. Ensure that the test-encrypted user can use sudo, e.g. add it to the sudo group
  3. Log in as test-encrypted user
  4. Install the hello-world snap
  5. Run sudo /snap/bin/hello-world
  6. Verify that `hello-world` fails to run
  7. Install snap-confine from xenial-propsoed
  8. verify that `hello-world` runs now

  The following patch makes the problem go away:

  diff --git a/debian/usr.bin.snap-confine b/debian/usr.bin.snap-confine
  index f3e6308..aeb17bd 100644
  --- a/debian/usr.bin.snap-confine
  +++ b/debian/usr.bin.snap-confine
  @@ -155,6 +155,6 @@
       owner @{HOME}/.Private/ r,
       owner @{HOME}/.Private/** mrixwlk,
       # new-style encrypted $HOME
  -    owner @{HOMEDIRS}/.ecryptfs/*/.Private/ r,
  -    owner @{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk,
  +    @{HOMEDIRS}/.ecryptfs/*/.Private/ r,
  +    @{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk,
   }

To manage notifications about this bug go to:
https://bugs.launchpad.net/snap-confine/+bug/1612291/+subscriptions