** Description changed:
Because of the two apparmor rules on snap-confine, attempts to create
user data directory from snap-confine will fail when the user is using
new-style encrypted home directory and sudo to start a snap.
- Steps to reproduce:
-
+ TEST CASE:
1. sudo adduser --encrypt-home test-encrypted
2. Ensure that the test-encrypted user can use sudo, e.g. add it to the sudo
group
3. Log in as test-encrypted user
4. Install the hello-world snap
5. Run sudo /snap/bin/hello-world
+ 6. Verify that `hello-world` fails to run
+ 7. Install snap-confine from xenial-propsoed
+ 8. verify that `hello-world` runs now
The following patch makes the problem go away:
diff --git a/debian/usr.bin.snap-confine b/debian/usr.bin.snap-confine
index f3e6308..aeb17bd 100644
--- a/debian/usr.bin.snap-confine
+++ b/debian/usr.bin.snap-confine
@@ -155,6 +155,6 @@
- owner @{HOME}/.Private/ r,
- owner @{HOME}/.Private/** mrixwlk,
- # new-style encrypted $HOME
+ owner @{HOME}/.Private/ r,
+ owner @{HOME}/.Private/** mrixwlk,
+ # new-style encrypted $HOME
- owner @{HOMEDIRS}/.ecryptfs/*/.Private/ r,
- owner @{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk,
+ @{HOMEDIRS}/.ecryptfs/*/.Private/ r,
+ @{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk,
- }
+ }
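Review bot: the two `@{HOMEDIRS}/.ecryptfs/*/.Private/` rules lose their `owner` qualifier with no comment saying why, and without it the `mrixwlk` grant on `.Private/**` matches every user's tree under `.ecryptfs/`, whatever the uid of the confined process, rather than only files that process owns. The description says the failure occurs when the snap is started through sudo, so please add a comment above these rules tying the dropped `owner` to that case, and check whether the non-owner rule needs the full `mrixwlk` set or could carry only the permissions required to create the user data directory. Separately, the `@{HOME}/.Private/` rules, the `# new-style encrypted $HOME` comment and the closing `}` are removed and re-added with the same text as shown here; if that is a whitespace-only change, drop it from this patch so the only lines touched are the ones that change policy.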
--
https://bugs.launchpad.net/bugs/1612291
Title:
cannot create $SNAP_USER_DATA when using ecryptfs and sudo