Complete /etc content from host accessible to the snap

Bug #1648712 reported by Didier Roche on 2016-12-09
This bug affects 2 people
Affects: snapd
Importance: High
Assigned to: Unassigned

Bug Description

Especially on classic, the fact that complete /etc is accessible in the snap is puzzling and can lead to errors.

For instance, I had timidity installed on my system. The snap was working well for me (I included timidity and such).
When tried on a different machine (one of my users'), the snap fails. Indeed, timidity was reading /etc/timidity/timidity.cfg, which was happily installed on my system (having the deb version of timidity installed), but was failing on the other system.

Having uncontrolled /etc content, which can differ from machine to machine, is quite the opposite of "run your snap under a controlled environment, and then it will run everywhere".

I understand that we need to make some files in /etc from the host (like network configuration, hostname…) available to the snap, but we should do this on a file-by-file or directory-by-directory basis, to ensure we are in control of what is available to the snap.
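
An added example, not part of the original report or of snapd: a small audit that lists the host /etc paths an application opens outside a file-by-file or directory-by-directory allowlist, which is how a hidden dependency like /etc/timidity/timidity.cfg can be caught on the build machine. The strace excerpt, the `/snap/mysnap/x1` path and the allowlist entries are constructed assumptions.

```python
import posixpath
import re

# Constructed excerpt in `strace -f -e trace=open,openat` format (not a real capture).
SAMPLE_TRACE = '''\
openat(AT_FDCWD, "/etc/timidity/timidity.cfg", O_RDONLY) = 3
[pid  4121] openat(AT_FDCWD, "/etc/hostname", O_RDONLY) = 4
[pid  4121] open("/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = 4
openat(AT_FDCWD, "/etc/timidity/freepats.cfg", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/snap/mysnap/x1/etc/timidity/timidity.cfg", O_RDONLY) = 3
openat(AT_FDCWD, "/etc/../etc/passwd", O_RDONLY) = 5
'''

# Hypothetical allowlist; an entry ending in "/" admits a whole directory.
ALLOWED = ["/etc/hostname", "/etc/resolv.conf", "/etc/ssl/"]

# Optional "[pid N]" prefix, open()/openat(), quoted path, numeric return value.
OPEN_RE = re.compile(
    r'^(?:\[pid\s+\d+\]\s+)?open(?:at)?\((?:AT_FDCWD, )?"([^"]+)".*\)\s+=\s+(-?\d+)'
)

def is_allowed(path, allowed=ALLOWED):
    """True if path equals a file entry or lies under a directory entry."""
    for entry in allowed:
        if entry.endswith("/"):
            if path.startswith(entry):
                return True
        elif path == entry:
            return True
    return False

def audit(trace, allowed=ALLOWED):
    """Map each non-allowlisted host /etc path to whether any open succeeded."""
    findings = {}
    for line in trace.splitlines():
        m = OPEN_RE.match(line)
        if not m:
            continue
        # Collapses "..", so /etc/../etc/passwd is judged as /etc/passwd.
        # This is lexical only: symlinks are not resolved.
        path = posixpath.normpath(m.group(1))
        if not path.startswith("/etc/") or is_allowed(path, allowed):
            continue
        succeeded = int(m.group(2)) >= 0
        findings[path] = findings.get(path, False) or succeeded
    return findings

if __name__ == "__main__":
    for path, ok in sorted(audit(SAMPLE_TRACE).items()):
        print(("READ   " if ok else "PROBED ") + path)
```

A path reported as successfully read is one that works only because the host happens to provide it; a failed probe shows what the program would pick up on a machine that has the file.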

Didier Roche (didrocks) on 2016-12-09
summary: - Whole /etc content from host accessible to the snap
+ Complete /etc content from host accessible to the snap
Zygmunt Krynicki (zyga) wrote :

This is an older design decision from Snappy pre 15.04. We kept it going forward but I believe there is an unwritten agreement that we need to take a hold of /etc and provide a controlled one for each snap. This is not on the roadmap yet so it will probably happen as a side effect of a more serious bug that requires it.

affects: snappy → snapd
Changed in snapd:
status: New → Confirmed
importance: Undecided → High