Complete /etc content from host accessible to the snap
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
snapd | Confirmed | Medium | Unassigned | |
Bug Description
Especially on classic, the fact that complete /etc is accessible in the snap is puzzling and can lead to errors.
For instance, I had timidity installed on my system. The snap was working well for me (I included timidity and such).
When tried on a different machine (one of my users'), the snap fails. Indeed, timidity was reading /etc/timidity/
Having uncontrolled /etc content which can differ from machine to machine is quite the opposite of "run your snap under a controlled environment, and then, it will run everywhere".
I understand that we need to make some files in /etc from the host (like network configuration, hostname…) available to the snap, but we should do this on a file-by-file or directory-
summary:
- Whole /etc content from host accessible to the snap
+ Complete /etc content from host accessible to the snap
Changed in snapd:
importance: High → Medium
This is an older design decision from Snappy pre 15.04. We kept it going forward but I believe there is an unwritten agreement that we need to take a hold of /etc and provide a controlled one for each snap. This is not on the roadmap yet so it will probably happen as a side effect of a more serious bug that requires it.
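
One way a snap packager could surface the kind of host /etc dependency described in the report, as an added example that is not part of the original bug thread or of snapd: it parses `strace`-style output from two runs of the same snap and reports /etc paths whose outcome differs between machines. The allowlist, the traces and the file name under /etc/timidity/ are constructed for illustration.

```python
import posixpath
import re

# Hypothetical allowlist of host files a snap may legitimately need, following the
# report's examples (network configuration, hostname). Not snapd's actual policy.
HOST_ALLOWED = {"/etc/hostname", "/etc/hosts", "/etc/resolv.conf"}

# First quoted /etc path of a syscall line in strace output, plus the errno if it failed.
SYSCALL_RE = re.compile(
    r'\b\w+\([^"]*"(?P<path>/etc/[^"]*)".*\)\s+=\s+-?\d+(?:\s+(?P<errno>E[A-Z]+))?'
)

# Constructed traces: the same snap run on the developer's machine and on a user's.
# The file name under /etc/timidity/ is made up for the example.
TRACE_DEV = """\
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/etc/hostname", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/etc/timidity/timidity.cfg", O_RDONLY) = 4
"""
TRACE_USER = """\
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/etc/hostname", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/etc/timidity/timidity.cfg", O_RDONLY) = -1 ENOENT (No such file or directory)
"""

def host_etc_dependencies(trace, allowed=HOST_ALLOWED):
    """Map each /etc path outside the allowlist to 'ok' or the errno it failed with."""
    found = {}
    for line in trace.splitlines():
        m = SYSCALL_RE.search(line)
        if not m:
            continue
        path = posixpath.normpath(m.group("path"))
        if path in allowed:
            continue
        status = m.group("errno") or "ok"
        if found.get(path) != "ok":  # one successful access outweighs failed probes
            found[path] = status
    return found

def differs_between_hosts(trace_a, trace_b):
    """Paths whose outcome differs between two runs: the machine-dependent inputs."""
    a, b = host_etc_dependencies(trace_a), host_etc_dependencies(trace_b)
    return sorted(p for p in a.keys() | b.keys() if a.get(p) != b.get(p))

if __name__ == "__main__":
    for path in differs_between_hosts(TRACE_DEV, TRACE_USER):
        print("host-dependent:", path)
```

Paths that show up as `ok` on both machines but are outside the allowlist are still host inputs the snap did not ship; they simply have not diverged yet.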