Public bug reported:

[ Impact ]

 * GTK in 26.04 has a single image loader: glycin, which sandboxes its loaders 
using `bwrap`
 * This doesn't work in snaps because they're already sandboxed
 * The patch adds detection for when glycin runs in a snap environment through 
apparmor or environment, and disables sandboxing in this case
 * There's no change to behaviour outside of snap
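As an added illustration (not the patch attached to this bug, nor glycin's own code), the shape of the check the patch describes, in Rust since glycin is a Rust project. It assumes snapd's `SNAP=/snap/<name>/<rev>` environment variable and its `snap.<name>.<app>` AppArmor profile naming; the decision is a pure function of the observed values so it can be exercised outside a snap.

```rust
use std::env;
use std::fs;

#[derive(Debug, PartialEq, Eq, Clone, Copy)]
pub enum SandboxMode {
    /// Spawn loaders through bwrap as usual.
    Bubblewrap,
    /// Already confined by snapd: bwrap cannot nest, so run the loader directly.
    SnapConfined,
}

/// Pure decision: takes the observed values so it can be tested outside a snap.
/// Assumptions: snapd exports SNAP=/snap/<name>/<rev> and names its AppArmor
/// profiles snap.<name>.<app>.
pub fn choose_sandbox_mode(snap_env: Option<&str>, apparmor_label: Option<&str>) -> SandboxMode {
    if snap_env.map_or(false, |v| v.starts_with("/snap/")) {
        return SandboxMode::SnapConfined;
    }
    // /proc/self/attr/current reads as "<profile> (<mode>)"; keep only the profile name.
    if let Some(label) = apparmor_label {
        let profile = label.split_whitespace().next().unwrap_or("");
        if profile.starts_with("snap.") {
            return SandboxMode::SnapConfined;
        }
    }
    SandboxMode::Bubblewrap
}

/// Current process's AppArmor label, or None when unconfined or AppArmor is absent.
pub fn current_apparmor_label() -> Option<String> {
    // Newer kernels expose the LSM-specific path; fall back to the legacy one.
    for path in ["/proc/self/attr/apparmor/current", "/proc/self/attr/current"] {
        if let Ok(raw) = fs::read_to_string(path) {
            let label = raw.trim_end_matches(|c| c == '\0' || c == '\n').to_string();
            if !label.is_empty() && label != "unconfined" {
                return Some(label);
            }
        }
    }
    None
}

/// What a loader host would call before building the bwrap command line.
pub fn detect_sandbox_mode() -> SandboxMode {
    let snap = env::var("SNAP").ok();
    choose_sandbox_mode(snap.as_deref(), current_apparmor_label().as_deref())
}

fn main() {
    println!("loader sandbox mode: {:?}", detect_sandbox_mode());
}
```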

[ Test Plan ]

 * Build the snap from: 
https://github.com/canonical/iot-example-graphical-snap/tree/26/GTK3-adventure/
   Notice it crashes on startup with:
   ```
   Bail out! 
Gtk:ERROR:../../../gtk/gtkiconhelper.c:495:ensure_surface_for_gicon: assertion 
failed (error == NULL): Failed to load 
/snap/iot-example-graphical-snap/x2/usr/share/icons/Adwaita/scalable/status/image-missing.svg:
 Loader process exited early with status '1'Command:  "bwrap" "--unshare-all" 
"--die-with-parent" "--chdir" "/" "--ro-bind" "/usr" "/usr" "--dev" "/dev" 
"--ro-bind-try" "/etc/ld.so.cache" "/etc/ld.so.cache" "--ro-bind-try" 
"/nix/store" "/nix/store" "--tmpfs" "/tmp-home" "--tmpfs" "/tmp-run" 
"--clearenv" "--setenv" "HOME" "/tmp-home" "--setenv" "XDG_RUNTIME_DIR" 
"/tmp-run" "--setenv" "XDG_RUNTIME_DIR" 
"/run/user/1000/snap.iot-example-graphical-snap" "--symlink" "/usr/lib64" 
"/lib64" "--symlink" "/usr/lib32" "/lib32" "--symlink" "/usr/lib" "/lib" 
"--ro-bind-try" "/etc/fonts/conf.d" "/etc/fonts/conf.d" "--ro-bind-try" 
"/etc/fonts/fonts.conf" "/etc/fonts/fonts.conf" "--ro-bind-try" 
"/home/michal/snap/iot-example-graphical-snap/common/.cache/fontconfig" 
"/home/michal/snap/iot-example-graphical-snap/common/.cache/fontconfig" 
"--ro-bind-try" "/snap/iot-example-graphical-snap/x2/usr/share/fonts" 
"/snap/iot-example-graphical-snap/x2/usr/share/fonts" "--ro-bind-try" 
"/var/cache/fontconfig" "/var/cache/fontconfig" "--bind-try" 
"/home/michal/snap/iot-example-graphical-snap/common/.cache/glycin/usr/libexec/glycin-loaders/2+/glycin-svg"
"/home/michal/snap/iot-example-graphical-snap/common/.cache/glycin/usr/libexec/glycin-loaders/2+/glycin-svg"
 "--setenv" "XDG_CACHE_HOME" 
"/home/michal/snap/iot-example-graphical-snap/common/.cache/glycin/usr/libexec/glycin-loaders/2+/glycin-svg"
 "--seccomp" "15" "/usr/libexec/glycin-loaders/2+/glycin-svg" "--dbus-fd" "14" 
(gdk-pixbuf-error-quark, 0)
   ```

[ Where problems could occur ]

 * The patch shouldn't affect non-snap environments, and is a clear improvement 
for GTK-based snaps, allowing them to work at all :)
 * This disables sandboxing _within_ snaps, so any data the snap can access is 
exposed if an image loader is exploited - this is the status quo from before 
glycin, though.


[ Other Info ]

 * The patch comes from the GNOME SDK Snap: 
https://github.com/ubuntu/gnome-sdk/commit/9b048312c0321f7648f85bbd24ab4642ee36a030
 * There's a planned effort to enable nested sandboxing via landlock instead, 
but there's no ETA on this at the moment.

** Affects: glycin (Ubuntu)
     Importance: Undecided
         Status: New

** Patch added: "glycin-snap-no-sandbox.patch"
   https://bugs.launchpad.net/bugs/2158724/+attachment/5979574/+files/glycin-snap-no-sandbox.patch

https://bugs.launchpad.net/bugs/2158724

Title:
  [SRU] glycin doesn't work in snaps due to sandboxing



-- 
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs