[Bug 1522675] Re: Needless scary warning: Download is performed unsandboxed as root: _apt user not allowed
Julian Andres Klode
julian.klode at gmail.com
Sat Jan 7 22:10:48 UTC 2017
The message won't be removed. It's worded as good as it can be now.
Maintainer scripts using apt-helper to download stuff (or clients using
libapt-pkg) should be fixed to use proper permissions on the directories
so the _apt user can write files (best create a temporary directory I'd
say owned by _apt, download to that).
For interactive use, the message appears in a very limited set of
circumstances. Namely, "download" and "source" run as root (maybe
"changelog", depending on your tmpfs setup, not sure). Running these
commands as root does not make that much sense anyway, especially
source.
So if users can reproduce this with a specific package that uses our
tools, please add a task for that tool. From the apt side, this is
working as intended.
** Changed in: apt (Ubuntu)
Status: Confirmed => Fix Released
** Summary changed:
- Needless scary warning: Download is performed unsandboxed as root: _apt user not allowed
+ Warning messages about unsandboxed downloads
** Also affects: msttcorefonts (Ubuntu)
Importance: Undecided
Status: New
** Also affects: flashplugin-nonfree (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1522675
Title:
Warning messages about unsandboxed downloads
Status in apt package in Ubuntu:
Fix Released
Status in flashplugin-nonfree package in Ubuntu:
New
Status in msttcorefonts package in Ubuntu:
New
Status in apt package in Debian:
Fix Released
Status in synaptic package in Debian:
New
Bug description:
Recently we got new versions for synaptic 0.82+build1 & apt 1.1.3, but
now get that error when installing/upgrading some packages:
Setting up libc6-dbg:amd64 (2.21-0ubuntu5) ...
Processing triggers for libc-bin (2.21-0ubuntu5) ...
W: Can't drop privileges for downloading as file '/root/.synaptic/tmp//tmp_cl' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
From nautilus, i'm seeing a /root/ folder locked (x on its icon) and
the folder is empty (no /.synaptic/ sub-folder or file), so the above
error.
oem at u64:~$ ls -l .synaptic
total 4
-rw-rw-r-- 1 oem oem 0 Aug 25 11:19 options
-rw-rw-r-- 1 oem oem 236 Aug 25 11:19 synaptic.conf
oem at u64:~$ ls -l /var/lib/apt/lists/
....
-rw-r----- 1 root root 0 Sep 20 06:36 lock
drwx------ 2 _apt root 16384 Sep 24 15:25 partial
......
oem at u64:~$ sudo ls -l /var/lib/update-notifier/package-data-downloads/
.....
drwxr-xr-x 2 _apt root 4096 Sep 22 23:33 partial
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: synaptic 0.82+build1
ProcVersionSignature: Ubuntu 4.3.0-1.10-generic 4.3.0
Uname: Linux 4.3.0-1-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.19.2-0ubuntu8
Architecture: amd64
CurrentDesktop: GNOME
Date: Fri Dec 4 05:23:25 2015
SourcePackage: synaptic
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1522675/+subscriptions
More information about the foundations-bugs
mailing list