Snaps fail to run when user's home directory is not under /home

Bug #1594904 reported by Reuben Swartz
This bug affects 9 people
Affects: snapd
Status: Triaged
Importance: Medium
Assigned to: Unassigned
Milestone: (empty)

Bug Description

Steps to reproduce:

1. Install a snap
2. Switch to a user that has a home directory that is not under /home
3. Run the snap

What is expected to happen:

The snap runs

What happens:

The snap fails with the message:

failed to create user data directory. errmsg: Permission denied

There is also the following apparmor event in /var/log/syslog:

Jun 21 11:13:02 WALM03V kernel: [344000.915060] audit: type=1400 audit(1466521982.277:13026): apparmor="DENIED" operation="open" profile="/usr/bin/ubuntu-core-launcher" name="/var/" pid=23123 comm="ubuntu-core-lau" requested_mask="r" denied_mask="r" fsuid=108 ouid=0

Mark Shuttleworth (sabdfl) wrote : Re: [Bug 1594904] [NEW] Snaps fail to run when user's home directory is not under /home

This one might be tricky to address securely. Out of interest, where is
the home directory in question?

Mark

Reuben Swartz (rbn-swartz) wrote :

This particular case is Jenkins, and the configuration of Jenkins has its home in /var/lib/jenkins.

Gustavo Niemeyer (niemeyer) wrote :

We can fall back and write data elsewhere in such cases (/var/lib/snapd/user/<user>/... or similar).

Jørgen Hermanrud Fjeld (jorgen.fjeld) wrote :

There is already a mechanism to support a custom home directory (but not the /var/lib/jenkins case),
by using
dpkg-reconfigure apparmor
that writes to /etc/apparmor.d/tunables/home.d/ubuntu
by adding to the HOMEDIRS apparmor variable with
@{HOMEDIRS}+=/home/users

I think this could be extended to cover HOME as well, such that one could have
@{HOME}+=/var/lib/jenkins

It would still not be automatic, but at least provide a clearly supported method for having a custom home directory when using snap.
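
An added example (not part of this thread and not snapd or AppArmor code): a Python check that lists accounts whose home directory falls outside the @{HOMEDIRS} tunable discussed in the comment above. It assumes the stock Ubuntu definition @{HOME}=@{HOMEDIRS}/*/ /root/; the tunables text and passwd lines are constructed samples, and parse_homedirs and uncovered_homes are hypothetical helper names.

```python
import re
from pathlib import PurePosixPath

# Constructed sample: stock default plus the override quoted in the comment.
TUNABLES = """\
# /etc/apparmor.d/tunables/home
@{HOMEDIRS}=/home/
# /etc/apparmor.d/tunables/home.d/ubuntu
@{HOMEDIRS}+=/home/users
"""

# Constructed passwd(5) lines; only the jenkins home path is from the report.
PASSWD = """\
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/users/bob:/bin/bash
jenkins:x:108:115::/var/lib/jenkins:/bin/bash
root:x:0:0::/root:/bin/bash
"""

ASSIGN = re.compile(r"^\s*@\{HOMEDIRS\}\s*(\+?=)\s*(.+?)\s*$")

def parse_homedirs(text):
    """Return the directories accumulated in @{HOMEDIRS}, in file order."""
    dirs = []
    for line in text.splitlines():
        m = ASSIGN.match(line)          # comment lines never match
        if not m:
            continue
        if m.group(1) == "=":           # '=' defines, '+=' appends
            dirs = []
        dirs += [PurePosixPath(p) for p in m.group(2).split()]
    return dirs

def uncovered_homes(passwd_text, homedirs):
    """Users whose home is neither /root nor a direct child of a HOMEDIRS entry."""
    out = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 7:
            continue
        user, home = fields[0], PurePosixPath(fields[5])
        # Assumption: @{HOME} expands to @{HOMEDIRS}/*/ and /root/.
        if home != PurePosixPath("/root") and home.parent not in homedirs:
            out.append((user, str(home)))
    return out

if __name__ == "__main__":
    for user, home in uncovered_homes(PASSWD, parse_homedirs(TUNABLES)):
        print(f"{user}: {home} is outside @{{HOMEDIRS}}")
```

On the sample data only the jenkins account is reported, matching the /var/lib/jenkins case from the report.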

Michael Vogt (mvo)
Changed in snappy:
status: New → Triaged
importance: Undecided → Medium

Tobias McQuire (ludden) wrote :

Doesn't work if sudo has no access rights to the home directory (because home is an NFS directory).

Volker Siegel (vsiegel) wrote :

I do not want to be annoying, but this is important:
This is a severe problem. It's not just bad.
A central property of a Linux system with a windowing system running on it is, since the first days of Linux, that the underlying system below the window system just works.
And if any important component even remotely cares about where I have my home directory, or even what the technical details of the path are, that is just broken.
I may even know where my home directory is, physically and in any abstract sense. A user may not even understand the technical concepts involved. That is a perfectly valid situation, if a system like Ubuntu is aimed at desktop users. I think this should be in the category of maximal importance. I would even agree it should block a release. That it is hard to fix is not a valid reason to give it low importance. (Note I'm not angry writing this, and it is not meant aggressively.)

Again, this is a really big issue.

Michael Vogt (mvo)
affects: snappy → snapd