** Also affects: snap-confine (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: snap-confine (Ubuntu)
       Status: New => Fix Released

** Also affects: snap-confine (Ubuntu Xenial)
   Importance: Undecided
       Status: New

You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs

  snap-confine regression when running commands as root

Status in Snappy Launcher:
  Fix Released
Status in snap-confine package in Ubuntu:
  Fix Released
Status in snap-confine source package in Xenial:

Bug description:

  Snaps (even in running in devmode) cannot put any files in the /root

  This bug is fixed by adding /root to a list of directories that are
  bind mounted and thus visible to snaps in their execution environment.

  For more information about the execution environment, please see this
  article http://www.zygoon.pl/2016/08/snap-execution-environment.html

  [Test Case]

  The test case can be found here:


  The test case is ran automatically for each pull request and for each final 
release. It can be reproduced manually by executing the shell commands listed 
in the prepare/execute/restore phases manually.
  The commands there assume that snapd and snap-confine are installed.
  No other additional setup is necessary.

  [Regression Potential]

   * Regression potential is minimal as the fix simply adds another
  directory to a list of directories that needs to be bind mounted.

  * The fix was tested on Ubuntu via spread and on several other
  distributions successfully.

  [Other Info]

  * This bug is a part of a major SRU that brings snap-confine in Ubuntu
  16.04 in line with the current upstream release 1.0.41.

  * This bug was included in an earlier SRU and is now fixed in Ubuntu.
  I am updating the template here to ensure that the process is fully
  documented from 1.0.38 all the way up to the current upstream release

  * snap-confine is technically an integral part of snapd which has an
  SRU exception and is allowed to introduce new features and take
  advantage of accelerated procedure. For more information see

  == # Pre-SRU bug description follows # ==

  root@edfu:~# lxd.lxc list
  | NAME |  STATE  | IPV4 | IPV6 |    TYPE    | SNAPSHOTS |
  | blah | STOPPED |      |      | PERSISTENT | 0         |

  root@edfu:~# dpkg -l | grep core-launcher
  ii  ubuntu-core-launcher                             amd64  
      Launcher for ubuntu-core (snappy) apps

  root@edfu:~# sudo apt install ubuntu-core-launcher
  Reading package lists... Done
  Building dependency tree
  Reading state information... Done
  The following additional packages will be installed:
  The following NEW packages will be installed:
  The following packages will be upgraded:
  1 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
  Need to get 23.1 kB of archives.
  After this operation, 51.2 kB of additional disk space will be used.
  Do you want to continue? [Y/n]
  Get:1 http://us.archive.ubuntu.com//ubuntu xenial-proposed/main amd64 
ubuntu-core-launcher amd64 1.0.38-0ubuntu0.16.04.3 [2,696 B]
  Get:2 http://us.archive.ubuntu.com//ubuntu xenial-proposed/main amd64 
snap-confine amd64 1.0.38-0ubuntu0.16.04.3 [20.4 kB]
  Fetched 23.1 kB in 0s (0 B/s)
  (Reading database ... 101267 files and directories currently installed.)
  Preparing to unpack 
.../ubuntu-core-launcher_1.0.38-0ubuntu0.16.04.3_amd64.deb ...
  Unpacking ubuntu-core-launcher (1.0.38-0ubuntu0.16.04.3) over ( ...
  Selecting previously unselected package snap-confine.
  Preparing to unpack .../snap-confine_1.0.38-0ubuntu0.16.04.3_amd64.deb ...
  Unpacking snap-confine (1.0.38-0ubuntu0.16.04.3) ...
  Processing triggers for man-db (2.7.5-1) ...
  Setting up snap-confine (1.0.38-0ubuntu0.16.04.3) ...
  Setting up ubuntu-core-launcher (1.0.38-0ubuntu0.16.04.3) ...
  Removing obsolete conffile /etc/apparmor.d/usr.bin.ubuntu-core-launcher ...

  root@edfu:~# lxd.lxc list
  error: mkdir /root/snap: read-only file system

  So looks like /root/snap isn't bind-mounted anymore. I also had to set
  HOME for my daemon to point to /tmp as apparently that's not set
  anymore either, causing HOME in my daemon to resolve to / which
  obviously is read-only.

To manage notifications about this bug go to:

Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to     : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

Reply via email to