Unpacking a snap with mode-555 top-level squashfs-root in a subdirectory of a subdirectory of /tmp fails

Bug #1801788 reported by Daniel Manrique
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Canonical Click Reviewers tools (obsolete)
Fix Released
Undecided
Jamie Strandboge

Bug Description

Given the attached evil snap (whose only evilness is that its top-level squashfs-root directory is mode 555), this works:

PYTHONPATH=$PYTHONPATH:~/click-reviewers-tools/ ~/click-reviewers-tools/bin/unpack-package ./kooo.snap /tmp/top-level-1

Successfully unpacked to '/tmp/top-level-1'

But this fails (notice the extra directory level):

mkdir /tmp/top-level-2
PYTHONPATH=$PYTHONPATH:~/click-reviewers-tools/ ~/click-reviewers-tools/bin/unpack-package ./kooo.snap /tmp/top-level-2/sub-level-1

Traceback (most recent call last):
  File "/usr/lib/python3.6/shutil.py", line 544, in move
    os.rename(src, real_dst)
PermissionError: [Errno 13] Permission denied: '/tmp/review-tools-zj9goluu' -> '/tmp/top-level-2/sub-level-1'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/ubuntu/click-reviewers-tools/bin/unpack-package", line 15, in <module>
    common.unpack_pkg(pkg, dir)
  File "/home/ubuntu/click-reviewers-tools/clickreviews/common.py", line 666, in unpack_pkg
    return _unpack_snap_squashfs(fn, dest, item)
  File "/home/ubuntu/click-reviewers-tools/clickreviews/common.py", line 635, in _unpack_snap_squashfs
    return _unpack_cmd(cmd, d, dest)
  File "/home/ubuntu/click-reviewers-tools/clickreviews/common.py", line 591, in _unpack_cmd
    shutil.move(d, dest)
  File "/usr/lib/python3.6/shutil.py", line 556, in move
    rmtree(src)
  File "/usr/lib/python3.6/shutil.py", line 480, in rmtree
    _rmtree_safe_fd(fd, path, onerror)
  File "/usr/lib/python3.6/shutil.py", line 438, in _rmtree_safe_fd
    onerror(os.unlink, fullname, sys.exc_info())
  File "/usr/lib/python3.6/shutil.py", line 436, in _rmtree_safe_fd
    os.unlink(name, dir_fd=topfd)
PermissionError: [Errno 13] Permission denied: 'command-hello.wrapper'

This is a minimal snap that reproduces the issue but we've managed to repro this with any snap whose squashfs-root is not writable by the owner (mode 555 is the reason we've encountered). This is rare but has happened with manually-created snaps that result when squashfs'ing a whole filesystem whose root (/) is mode 555. Ubuntu doesn't have this, but some other distros do.

Revision history for this message
Daniel Manrique (roadmr) wrote :
Changed in click-reviewers-tools:
status: New → In Progress
assignee: nobody → Jamie Strandboge (jdstrand)
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

This is fix in r1152.

Changed in click-reviewers-tools:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.