[Bug 1851113] Re: equivs-build fails to create DEB package w/o reporting an error
I have the same problem. For me, the deb-file is created in /tmp/user// -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1851113 Title: equivs-build fails to create DEB package w/o reporting an error To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/equivs/+bug/1851113/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1662552] Re: snaps don't work with NFS home /home/u/user.name
Will there be an Update of the installation package? Will the lines #include #include be included? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1662552 Title: snaps don't work with NFS home /home/u/user.name To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1662552/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1662552] Re: snaps don't work with NFS home /home/u/user.name
1. I already had @{HOMEDIRS}+=/home/*/ and I did not forget to reload.
However, the audit message still refers to /home/r/, which is the actual
parent directory of my home directory.
2. Including #include directly below
/usr/lib/snapd/snap-confine flags=(attach_disconnected) works. It don't
seems to be necessary to include #include
Adding network inet and network inet6 solves the problem as well.
Snaps without network interface: Right, they don't work. A workaround is
to install them in devmode.
Enabling network access for all snaps just to make them compatible with
NFS don't seems to be a perfect solution from the security perspective.
Doesn't that mean, that these snaps can access every network service,
not only NFS? Is it possible to explicitly enable NFS (and other network
file systems) and not enable network access for all kinds of services?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1662552
Title:
snaps don't work with NFS home /home/u/user.name
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1662552/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1662552] Re: snaps don't work with NFS home /home/u/user.name
Feb 9 09:57:30 hostname kernel: [ 2070.523056] audit: type=1400 audit(1486630650.755:1460): apparmor="DENIED" operation="sendmsg" profile="/usr/lib/snapd/snap-confine" pid=15768 comm="snap-confine" laddr=ip_of_local_host lport=917 faddr=ip_of_nfs_server fport=2049 family="inet" sock_type="stream" protocol=6 requested_mask="send" denied_mask="send" Feb 9 09:57:30 hostname kernel: [ 2070.523098] audit: type=1400 audit(1486630650.755:1461): apparmor="DENIED" operation="sendmsg" profile="/usr/lib/snapd/snap-confine" pid=15768 comm="snap-confine" laddr=ip_of_local_host lport=917 faddr=ip_of_nfs_server fport=2049 family="inet" sock_type="stream" protocol=6 requested_mask="send" denied_mask="send" Feb 9 09:57:30 hostname kernel: [ 2070.523323] audit: type=1400 audit(1486630650.755:1462): apparmor="DENIED" operation="sendmsg" profile="/usr/lib/snapd/snap-confine" pid=15768 comm="snap-confine" laddr=ip_of_local_host lport=917 faddr=ip_of_nfs_server fport=2049 family="inet" sock_type="stream" protocol=6 requested_mask="send" denied_mask="send" Feb 9 09:57:30 hostname kernel: [ 2070.523349] audit: type=1400 audit(1486630650.755:1463): apparmor="DENIED" operation="sendmsg" profile="/usr/lib/snapd/snap-confine" pid=15768 comm="snap-confine" laddr=ip_of_local_host lport=917 faddr=ip_of_nfs_server fport=2049 family="inet" sock_type="stream" protocol=6 requested_mask="send" denied_mask="send" Feb 9 09:57:30 hostname kernel: [ 2070.523576] audit: type=1400 audit(1486630650.755:1464): apparmor="DENIED" operation="mkdir" profile="/usr/lib/snapd/snap-confine" name="/home/r/" pid=15768 comm="snap-confine" requested_mask="c" denied_mask="c" fsuid=10270 ouid=10270 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1662552 Title: snaps don't work with NFS home /home/u/user.name To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1662552/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1662552] Re: snaps don't work with NFS home /home/u/user.name
*** This bug is a duplicate of bug 1620771 ***
https://bugs.launchpad.net/bugs/1620771
Thanks for the fast reply! Unfortunately, the problem is not solved.
The
@{HOMEDIRS}+=/home/*/
line solves the location issue (as in bug #1620771 and bug #1592696), but here
the location don't seems to be the real issue.
To prove that, I replaced the nfs mounted home directory with a home
directory on a local disk with the very same path. Then, snaps work as
expected. From that, and from the error message included in my first
post, my guess is, that the actual problem is nfs related. The error
message says, that apparmor denies access to port 2049 of the remote
host (which is the default nfs port).
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1662552
Title:
snaps don't work with NFS home /home/u/user.name
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1662552/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1662552] [NEW] snaps don't work with NFS home /home/u/user.name
Public bug reported:
Our home directories have the following structure:
/home/u/user.name
where u is the first letter of the users first name. The reason for this
structure is the large number of users. The nfs mount point is /home
The file /etc/apparmor.d/tunables/home.d/ubuntu contains the following
line:
@{HOMEDIRS}+=/home/u/
(for one example user)
@{HOMEDIRS}+=/home/*/
did also not work.
Starting a snap (in this example case inkscape) results in the following error
message:
cannot change current working directory to the original directory: Permission
denied
For a self-created snap in classic mode, I get the following error:
cannot create user data directory: /home/u/user.name/snap/mysnap/x1: Permission
denied
The journal contains the following messages:
kernel: nfs: RPC call returned error 13
kernel: audit: type=1400 audit(1486481365.925:127): apparmor="DENIED"
operation="sendmsg" profile="/usr/lib/snapd/snap-confine" pid=25069
comm="snap-confine" laddr=x.x.x.x lport=782 faddr=x.x.x.x fport=2049
family="inet" sock_type="stream" protocol=6 requested_mask="send"
denied_mask="send"
Installed packages:
snapd/xenial-proposed,now 2.22.2 amd64 [installed]
snap-confine/xenial-proposed,now 2.22.2 amd64 [installed]
ubuntu-core-launcher/xenial-proposed,now 2.22.2 amd64 [installed]
** Affects: snapd (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1662552
Title:
snaps don't work with NFS home /home/u/user.name
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1662552/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
