Microbox snap: wrong application creation error ("zip_archive_support" not supported)

Bug #2067252 reported by Michele Lo Russo
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Anbox Cloud
Fix Released
Medium
Simon Fels

Bug Description

I was trying to create an application using a zip archive via CLI with the microbox snap, and accidentally forgot to prepend sudo:

ubuntu@juju-4d0777-prod-anbox-cloud-webdemo-2:~$ amc application create test_application.zip
Error: api extension "zip_archive_support" not supported

But actually, this is not the reason why it failed. The "zip_archive_support" is present indeed:

ubuntu@juju-4d0777-prod-anbox-cloud-webdemo-2:~$ sudo amc info | grep zip
- zip_archive_support

So, this should probably give a different error? (Permission denied, I guess?)

Revision history for this message
Gary.Wang (gary-wzl77) wrote :

Hey Michele
The microbox snap is running in strict confined mode, the unix domain socket(/var/snap/microbox/common/ams/server/unix.socket) is owned by ,
```
srw-rw---- 1 root root 0 5月 28 11:00 /var/snap/microbox/common/ams/server/unix.socket
```

That's the reason you encountered the above issue.

For the ams charm(regular deployment), we made some tweaks:

1. created the ams group.
2. added the current login user to that group.
3. changed the group of the Unix domain socket with:
  $ chown :ams /var/snap/ams/common/server/unix.socket

You can do something similar for the microbox to allow running the amc command without sudo.

BR
Gary

Revision history for this message
Michele Lo Russo (lorumic) wrote :

Hey Gary
That's not the point of the issue. The point is that the error message is wrong/misleading:

> But actually, this is not the reason why it failed. The "zip_archive_support" is present indeed:

> ubuntu@juju-4d0777-prod-anbox-cloud-webdemo-2:~$ sudo amc info | grep zip
- zip_archive_support

> So, this should probably give a different error? (Permission denied, I guess?)

Revision history for this message
Simon Fels (morphis) wrote :

You both are right :-)

The problem is in the way of how we check for an extension to be supported

func (c *clientImpl) HasExtension(name string) bool {
 if c.serviceStatus == nil {
  status, _, err := c.RetrieveServiceStatus()
  if err != nil {
   return false
  }
  c.serviceStatus = status
 }
        ....
}

RetrieveServiceStatus returns an error here but we hide that error. The reason it returns an error is that this is the first time the underlying HTTP client attempts to connect to the unix domain socket as Gary is describing. This can be fixed either by what Gary descries or by running amc as root as Michele did. The actual problem is though that we hide the connection error.

Changed in anbox-cloud:
assignee: nobody → Simon Fels (morphis)
Revision history for this message
Simon Fels (morphis) wrote :
Changed in anbox-cloud:
importance: Undecided → Medium
status: New → In Progress
milestone: none → 1.23.0
Gary.Wang (gary-wzl77)
Changed in anbox-cloud:
status: In Progress → Fix Committed
Simon Fels (morphis)
Changed in anbox-cloud:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.