[Bug 1522675] Re: Warning messages about unsandboxed downloads

brian mullan 1522675 at bugs.launchpad.net
Sat Dec 2 13:24:46 UTC 2023 

Ubuntu 22.04.3 LTS

In an LXD VM also running Ubuntu 22.04.3 LTS I executed:

$ sudo apt install -f ./webmesh_0.17.1_linux_amd64.deb

and this is what displayed...

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'webmesh' instead of './webmesh_0.17.1_linux_amd64.deb'
The following additional packages will be installed:
  wireguard-tools
Suggested packages:
  openresolv | resolvconf
The following NEW packages will be installed:
  webmesh wireguard-tools
0 upgraded, 2 newly installed, 0 to remove and 1 not upgraded.
Need to get 86.9 kB/28.8 MB of archives.
After this operation, 56.5 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 /home/bmullan/webmesh/scripts/webmesh_0.17.1_linux_amd64.deb webmesh amd64 0.17.1 [28.8 MB]
Get:2 http://archive.ubuntu.com/ubuntu jammy/main amd64 wireguard-tools amd64 1.0.20210914-1ubuntu2 [86.9 kB]
Fetched 86.9 kB in 1s (72.9 kB/s)                      
Selecting previously unselected package webmesh.
(Reading database ... 56780 files and directories currently installed.)
Preparing to unpack .../webmesh_0.17.1_linux_amd64.deb ...
Unpacking webmesh (0.17.1) ...
Selecting previously unselected package wireguard-tools.
Preparing to unpack .../wireguard-tools_1.0.20210914-1ubuntu2_amd64.deb ...
Unpacking wireguard-tools (1.0.20210914-1ubuntu2) ...
Setting up webmesh (0.17.1) ...
Setting up wireguard-tools (1.0.20210914-1ubuntu2) ...
wg-quick.target is a disabled or a static unit not running, not starting it.
Processing triggers for man-db (2.10.2-1) ...
Scanning processes...                                                                                                                                                         
Scanning linux images...                                                                                                                                                      

Running kernel seems to be up-to-date.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this
host.

N: Download is performed unsandboxed as root as file
'/home/bmullan/webmesh/scripts/webmesh_0.17.1_linux_amd64.deb' couldn't
be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)

As with the others there seems to be a "permissions" problem?

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1522675

Title:
  Warning messages about unsandboxed downloads

Status in apt package in Ubuntu:
  Fix Released
Status in aptitude package in Ubuntu:
  Fix Released
Status in synaptic package in Ubuntu:
  Triaged
Status in update-notifier package in Ubuntu:
  Fix Released
Status in aptitude source package in Xenial:
  Confirmed
Status in synaptic source package in Xenial:
  Confirmed
Status in update-notifier source package in Xenial:
  Fix Released
Status in apt source package in Hirsute:
  Fix Released
Status in aptitude source package in Hirsute:
  Fix Released
Status in synaptic source package in Hirsute:
  Won't Fix
Status in update-notifier source package in Hirsute:
  Fix Released
Status in apt package in Debian:
  Fix Released
Status in aptitude package in Debian:
  Fix Released
Status in synaptic package in Debian:
  New

Bug description:
  READ ME FIRST
  =============
  This is only a regression on a cosmetic level. Previous versions of apt did not have any sandboxing whatsoever, so this means apt reverted back to that old behavior.

  update-notifier SRU
  -------------------
  [Impact]
  Cosmetic. Warnings when installing packages using update-notifier downloading stuff

  [Test case]

  Install flashplugin-installer with apt and check that the output does
  not contain a message like this:

  W: Can't drop privileges for downloading as file '...' couldn't be
  accessed by user '_apt'

  [Regression Potential]

  It just chowns /var/lib/update-notifier/package-data-
  downloads/partial/ to _apt:root, there should not be any regression.

  Original report
  ---------------

  Recently we got new versions for synaptic 0.82+build1 & apt 1.1.3, but
  now get that error when installing/upgrading some packages:

  Setting up libc6-dbg:amd64 (2.21-0ubuntu5) ...
  Processing triggers for libc-bin (2.21-0ubuntu5) ...
  W: Can't drop privileges for downloading as file '/root/.synaptic/tmp//tmp_cl' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)

  From nautilus, i'm seeing a /root/ folder locked (x on its icon) and
  the folder is empty (no /.synaptic/ sub-folder or file), so the above
  error.

  oem at u64:~$ ls -l .synaptic
  total 4
  -rw-rw-r-- 1 oem oem   0 Aug 25 11:19 options
  -rw-rw-r-- 1 oem oem 236 Aug 25 11:19 synaptic.conf

  oem at u64:~$ ls -l /var/lib/apt/lists/
  ....
  -rw-r----- 1 root root        0 Sep 20 06:36 lock
  drwx------ 2 _apt root    16384 Sep 24 15:25 partial
  ......

  oem at u64:~$ sudo ls -l /var/lib/update-notifier/package-data-downloads/
  .....
  drwxr-xr-x 2 _apt root 4096 Sep 22 23:33 partial

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: synaptic 0.82+build1
  ProcVersionSignature: Ubuntu 4.3.0-1.10-generic 4.3.0
  Uname: Linux 4.3.0-1-generic x86_64
  NonfreeKernelModules: nvidia
  ApportVersion: 2.19.2-0ubuntu8
  Architecture: amd64
  CurrentDesktop: GNOME
  Date: Fri Dec  4 05:23:25 2015
  SourcePackage: synaptic
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1522675/+subscriptions

More information about the foundations-bugs mailing list