I managed to completely forget what a hack the previous patch was between writing it and posting it. So please definitely ignore that one.
Here's a more sensible patch that will skip chowning the worker temporary file if we're running as root and we know we're not going to try to drop privileges.

If Ubuntu snaps gain support for assigning non-root UIDs and GIDs to confined apps, gunicorn will probably need more work, even with this patch applied, because utils.set_owner_process() assumes that setuid(getuid()) will successfully no-op, whereas the Ubuntu snap security policy would probably still block setuid() entirely.

But this seems to be enough for now, and my snapped Web app still works with this patch applied in place of the previous one.

** Patch added: "skip chown when it would be a no-op, take 2"
   https://bugs.launchpad.net/ubuntu/+source/gunicorn/+bug/1611603/+attachment/4722435/+files/gunicorn.chown-2.patch

https://bugs.launchpad.net/bugs/1611603
Title: fails to start when confined in a snap
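An added example, not part of the original message and not the attached patch: it shows why an unconditional chown breaks startup under a policy that rejects the call, and how guarding it on "no privilege drop configured" avoids the call. The function names and the `blocked_chown` stand-in for the confinement policy are hypothetical, and the guard is generalized to any current UID/GID rather than root only.

```python
import os
import tempfile


def blocked_chown(path, uid, gid):
    """Constructed stand-in for a sandbox policy that rejects every chown call."""
    raise PermissionError(1, "Operation not permitted", path)


def will_drop_privileges(cfg_uid, cfg_gid):
    """True when the configured worker identity differs from the current one."""
    return cfg_uid != os.geteuid() or cfg_gid != os.getegid()


def make_worker_tmp(cfg_uid, cfg_gid, chown=os.chown, always_chown=False):
    """Create a worker temp file; return (path, chown_called).

    always_chown=True models the unconditional behaviour; the default
    skips the call when it could not change anything.
    """
    fd, path = tempfile.mkstemp(prefix="wtmp-")
    os.close(fd)
    try:
        if always_chown or will_drop_privileges(cfg_uid, cfg_gid):
            chown(path, cfg_uid, cfg_gid)
            return path, True
        return path, False
    except OSError:
        os.unlink(path)  # do not leave the file behind on failure
        raise


def demo():
    uid, gid = os.geteuid(), os.getegid()
    results = {}
    # Unconditional chown: fails under the blocking policy even though it is a no-op.
    try:
        make_worker_tmp(uid, gid, chown=blocked_chown, always_chown=True)
        results["unconditional"] = "started"
    except PermissionError:
        results["unconditional"] = "failed"
    # Guarded chown: the blocked call is never made.
    path, called = make_worker_tmp(uid, gid, chown=blocked_chown)
    os.unlink(path)
    results["guarded"] = "chowned" if called else "started"
    return results


if __name__ == "__main__":
    print(demo())
```

The same guard does not cover the setuid(getuid()) case mentioned in the message; that call would need its own check.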
