SNAP_USER_COMMON

Jamie Strandboge jamie at canonical.com
Tue Aug 2 14:22:06 UTC 2016 

On Tue, 2016-08-02 at 09:04 +0200, Didier Roche wrote:
> Le 02/08/2016 à 08:12, Vasilisc a écrit :
> > 
> > 02.08.2016 09:00, Didier Roche пишет:
> > > 
> > > Le 02/08/2016 à 07:45, Vasilisc a écrit :
> > > > 
> > > > 
> > > > test snap raise error
> > > > -------------------------
> > > > echo "Writing to $SNAP_USER_COMMON"
> > > > mkdir -p $SNAP_USER_COMMON/platform
> > > > echo "hello common" > $SNAP_USER_COMMON/common.txt
> > > > --------------
> > > > grep -F audit syslog
> > > > 
> > > > Aug  2 08:34:16 vb kernel: [ 2622.276193] audit: type=1400
> > > > audit(1470116056.762:34): apparmor="ALLOWED" operation="mkdir"
> > > > profile="snap.test2.test2" name="/home/vasilisc/snap/test2/common/"
> > > > pid=4971 comm="mkdir" requested_mask="c" denied_mask="c" fsuid=1000
> > > > ouid=1000
> > > Hey Vasilisc,
> > > 
> > > where do you see an error in the above trace? Apparmor says "ALLOWED",
> > > so the mkdir call wasn't blocked and work as expected, or did you notice
> > > not having this directory and file created after those calls?
> > > 
> > > Didier
> > > 
> > Code
> > echo "Writing to $SNAP_USER_COMMON"
> > mkdir -p $SNAP_USER_COMMON
> > --------------------
> > 
> > Aug  2 09:08:42 vb kernel: [ 4688.252234] audit: type=1400
> > audit(1470118122.727:44): apparmor="DENIED" operation="mkdir"
> > profile="snap.test2.test2" name="/home/vasilisc/snap/test2/common/"
> > pid=5802 comm="mkdir" requested_mask="c" denied_mask="c" fsuid=1000
> > ouid=1000
> > 
> Mind opening a bug against snappy on launchpad with your snapcraft.yaml,
> shell script and this output? I think the apparmor profile may need to
> be adjusted to write to $SNAP_USER_COMMON.

Please file a bug, yes, but the bug is that 'snap run' is not creating the
directory. The snap should not be expected to have to do this. The regression
looks to have been introduced in https://github.com/snapcore/snapd/pull/1293 or
perhaps you are using an old version of snapd and a new version of snap-confine? 
Regardless, please file a bug.

Thanks!

-- 
Jamie Strandboge             | http://www.canonical.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/snapcraft/attachments/20160802/34a5a464/attachment.sig>

More information about the Snapcraft mailing list