← Back to team overview

group.of.nepali.translators team mailing list archive

  1. group.of.nepali.translators team
  2. Mailing list archive
  3. Message #07686

[Bug 1607796] Re: snap-confine regression when running commands as root

  Thread PreviousDate PreviousThread Next 
** Also affects: snap-confine (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: snap-confine (Ubuntu)
       Status: New => Fix Released

** Also affects: snap-confine (Ubuntu Xenial)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1607796

Title:
  snap-confine regression when running commands as root

Status in Snappy Launcher:
  Fix Released
Status in snap-confine package in Ubuntu:
  Fix Released
Status in snap-confine source package in Xenial:
  New

Bug description:
  [Impact]

  Snaps (even in running in devmode) cannot put any files in the /root
  directory.

  This bug is fixed by adding /root to a list of directories that are
  bind mounted and thus visible to snaps in their execution environment.

  For more information about the execution environment, please see this
  article http://www.zygoon.pl/2016/08/snap-execution-environment.html

  [Test Case]

  The test case can be found here:

  https://github.com/snapcore/snap-confine/blob/master/spread-
  tests/regression/lp-1607796/task.yaml

  The test case is ran automatically for each pull request and for each final release. It can be reproduced manually by executing the shell commands listed in the prepare/execute/restore phases manually.
  The commands there assume that snapd and snap-confine are installed.
  No other additional setup is necessary.

  [Regression Potential]

   * Regression potential is minimal as the fix simply adds another
  directory to a list of directories that needs to be bind mounted.

  * The fix was tested on Ubuntu via spread and on several other
  distributions successfully.

  [Other Info]

  * This bug is a part of a major SRU that brings snap-confine in Ubuntu
  16.04 in line with the current upstream release 1.0.41.

  * This bug was included in an earlier SRU and is now fixed in Ubuntu.
  I am updating the template here to ensure that the process is fully
  documented from 1.0.38 all the way up to the current upstream release
  1.0.41.

  * snap-confine is technically an integral part of snapd which has an
  SRU exception and is allowed to introduce new features and take
  advantage of accelerated procedure. For more information see
  https://wiki.ubuntu.com/SnapdUpdates

  == # Pre-SRU bug description follows # ==

  root@edfu:~# lxd.lxc list
  +------+---------+------+------+------------+-----------+
  | NAME |  STATE  | IPV4 | IPV6 |    TYPE    | SNAPSHOTS |
  +------+---------+------+------+------------+-----------+
  | blah | STOPPED |      |      | PERSISTENT | 0         |
  +------+---------+------+------+------------+-----------+

  root@edfu:~# dpkg -l | grep core-launcher
  ii  ubuntu-core-launcher               1.0.27.1                        amd64        Launcher for ubuntu-core (snappy) apps

  root@edfu:~# sudo apt install ubuntu-core-launcher
  Reading package lists... Done
  Building dependency tree
  Reading state information... Done
  The following additional packages will be installed:
    snap-confine
  The following NEW packages will be installed:
    snap-confine
  The following packages will be upgraded:
    ubuntu-core-launcher
  1 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
  Need to get 23.1 kB of archives.
  After this operation, 51.2 kB of additional disk space will be used.
  Do you want to continue? [Y/n]
  Get:1 http://us.archive.ubuntu.com//ubuntu xenial-proposed/main amd64 ubuntu-core-launcher amd64 1.0.38-0ubuntu0.16.04.3 [2,696 B]
  Get:2 http://us.archive.ubuntu.com//ubuntu xenial-proposed/main amd64 snap-confine amd64 1.0.38-0ubuntu0.16.04.3 [20.4 kB]
  Fetched 23.1 kB in 0s (0 B/s)
  (Reading database ... 101267 files and directories currently installed.)
  Preparing to unpack .../ubuntu-core-launcher_1.0.38-0ubuntu0.16.04.3_amd64.deb ...
  Unpacking ubuntu-core-launcher (1.0.38-0ubuntu0.16.04.3) over (1.0.27.1) ...
  Selecting previously unselected package snap-confine.
  Preparing to unpack .../snap-confine_1.0.38-0ubuntu0.16.04.3_amd64.deb ...
  Unpacking snap-confine (1.0.38-0ubuntu0.16.04.3) ...
  Processing triggers for man-db (2.7.5-1) ...
  Setting up snap-confine (1.0.38-0ubuntu0.16.04.3) ...
  Setting up ubuntu-core-launcher (1.0.38-0ubuntu0.16.04.3) ...
  Removing obsolete conffile /etc/apparmor.d/usr.bin.ubuntu-core-launcher ...

  root@edfu:~# lxd.lxc list
  error: mkdir /root/snap: read-only file system

  So looks like /root/snap isn't bind-mounted anymore. I also had to set
  HOME for my daemon to point to /tmp as apparently that's not set
  anymore either, causing HOME in my daemon to resolve to / which
  obviously is read-only.

To manage notifications about this bug go to:
https://bugs.launchpad.net/snap-confine/+bug/1607796/+subscriptions
  Thread PreviousDate PreviousThread Next