[Bug 1756595] Re: disk space info inadvertently provides all installed snaps

Ɓukasz Zemczak 1756595 at bugs.launchpad.net
Thu Sep 5 11:58:39 UTC 2019 

Hello Andreas, or anyone else affected,

Accepted apt into bionic-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/apt/1.6.12 in a few
hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-bionic to verification-done-bionic. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-failed-bionic. In either case, without details of
your testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: apt (Ubuntu Bionic)
       Status: In Progress => Fix Committed

** Tags added: verification-needed-bionic

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1756595

Title:
  disk space info inadvertently provides all installed snaps

Status in apport package in Ubuntu:
  Invalid
Status in apt package in Ubuntu:
  Fix Released
Status in apport source package in Bionic:
  Invalid
Status in apt source package in Bionic:
  Fix Committed
Status in apport source package in Disco:
  New
Status in apt source package in Disco:
  Fix Committed
Status in apport source package in Eoan:
  Invalid
Status in apt source package in Eoan:
  Fix Released

Bug description:
  [Impact]
  When apport is reporting a crash, it includes the output of the "df" utility, to list the free disk space information per mount point.

  That output nowadays will inadvertently include all snaps that the
  user may have installed, including their revision numbers.

  Here is a simple df output:
  andreas at nsn7:~$ df
  Filesystem                      1K-blocks    Used Available Use% Mounted on
  udev                              8119680       0   8119680   0% /dev
  tmpfs                             1630156    1828   1628328   1% /run
  nsn7/ROOT/ubuntu                433084288 2500608 430583680   1% /
  tmpfs                             8150776   18888   8131888   1% /dev/shm
  tmpfs                                5120       4      5116   1% /run/lock
  tmpfs                             8150776       0   8150776   0% /sys/fs/cgroup
  nsn7/var/log                    430763136  179456 430583680   1% /var/log
  nsn7/var/tmp                    430583808     128 430583680   1% /var/tmp
  /dev/sda2                         1032088  160336    871752  16% /boot
  /dev/sda1                          523248    2720    520528   1% /boot/efi
  nsn7/home                       430651264   67584 430583680   1% /home
  nsn7/var/cache                  430653312   69632 430583680   1% /var/cache
  nsn7/var/mail                   430583808     128 430583680   1% /var/mail
  nsn7/var/spool                  430583808     128 430583680   1% /var/spool
  tmpfs                             1630152      16   1630136   1% /run/user/120
  tmpfs                                 100       0       100   0% /var/lib/lxd/shmounts
  tmpfs                                 100       0       100   0% /var/lib/lxd/devlxd
  tmpfs                             1630152      36   1630116   1% /run/user/1000
  nsn7/lxd/containers/squid-ds216 431444096  860416 430583680   1% /var/lib/lxd/storage-pools/default/containers/squid-ds216
  /dev/loop0                          83712   83712         0 100% /snap/core/4206
  /dev/loop1                         102144  102144         0 100% /snap/git-ubuntu/402

  You can see I have the core snap at revision 4206, and git-ubuntu at
  revision 402.

  There are already many bug reports in launchpad where one can see this
  information.

  Granted, the user can review it, refuse to send this data, etc. This
  bug is about the unexpectedness of having that information in the disk
  space data.

  If the user sees a prompt like "Would you like to include disk free
  space information in your report?", or "Would you like to include the
  output of the df(1) command in your report?", that doesn't immediately
  translate to "Would you like to include disk free space information
  and a list of all installed snaps and their revision numbers in your
  report?".

  [Test case]
  N/A

  [Regression potential]
  Fix consists of adding -x squashfs to df output, so might hide other non-snap squashfs images.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1756595/+subscriptions

More information about the foundations-bugs mailing list