fails to start when confined in a snap
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
gunicorn (Ubuntu) | Triaged | Low | Unassigned |
Bug Description
I attempted to package a simple WSGI app in an Ubuntu snap with gunicorn, and ran into a problem with gunicorn vs. the Snap security policy.
The policy forbids calling chown at all, whereas the workers.
I've attached a patch that attempts to short-circuit chown when it would be a no-op, which is the case when gunicorn is run as root in a snap, and this patch lets my app work when confined.
Snaps also do not currently allow setuid, etc., and so there's no sense in trying to create a gunicorn-using snap that starts as root and then drops privileges. For more information on the snap security policy, please visit: https:/
and https:/
description: updated
description: updated
Changed in gunicorn (Ubuntu):
importance: Undecided → Low
status: New → Triaged
The attachment "skip chown when it would be a no-op" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]
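The no-op short-circuit described in the bug report, as an added example: this is not the attached patch and not gunicorn's code. `chown_if_needed`, its injectable `_chown` hook, and the `denied_chown` stand-in for a confinement policy are hypothetical names used only for illustration.

```python
import os
import tempfile


def chown_if_needed(path, uid, gid, _chown=os.chown):
    """Call chown only when ownership would actually change.

    Returns True if chown was issued, False if it was skipped as a no-op.
    A uid or gid of -1 means "leave unchanged", as with os.chown.
    """
    st = os.stat(path)
    want_uid = st.st_uid if uid == -1 else uid
    want_gid = st.st_gid if gid == -1 else gid
    if (st.st_uid, st.st_gid) == (want_uid, want_gid):
        # Ownership already matches: never issue the call, so a policy
        # that forbids chown entirely has nothing to block.
        return False
    _chown(path, uid, gid)
    return True


def demo():
    """Constructed scenario: every chown call is refused by the policy."""
    calls = []

    def denied_chown(path, uid, gid):
        # Stand-in for confinement that rejects chown unconditionally.
        calls.append((path, uid, gid))
        raise PermissionError(1, "Operation not permitted", path)

    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        st = os.stat(path)
        # Same owner as the file already has: must be skipped.
        same = chown_if_needed(path, st.st_uid, st.st_gid, _chown=denied_chown)
        # "Leave unchanged" for both ids: must be skipped too.
        unset = chown_if_needed(path, -1, -1, _chown=denied_chown)
        # A real ownership change still reaches chown and is denied.
        try:
            chown_if_needed(path, st.st_uid + 1, st.st_gid, _chown=denied_chown)
            denied = False
        except PermissionError:
            denied = True
        return same, unset, denied, len(calls)
    finally:
        os.unlink(path)
```

Only the genuine ownership change reaches the denied call; a process that already runs as the target user never touches chown.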