snap-confine cannot be setuid root on openSUSE

Bug #1657098 reported by Zygmunt Krynicki
This bug affects 1 person
Affects: snapd
Status: Won't Fix
Importance: Undecided
Assigned to: Zygmunt Krynicki

Bug Description

OpenSUSE has a special system that (via the permissions package) dictates which executables can be setuid root on the whole system. Extensions to that list are carefully managed through the core distribution. It would be good for snap-confine to work without requiring real root (e.g. through Linux capabilities) so that there's one less roadblock for becoming available to OpenSUSE users and developers.

NOTE: this is a clone of the following github issue https://github.com/snapcore/snapd/issues/2576

Tags: cross-distro
Zygmunt Krynicki (zyga)
Changed in snapd:
status: New → Confirmed
assignee: nobody → Zygmunt Krynicki (zyga)
Simon Fels (morphis)
tags: added: cross-distro
Neal Gompa (ngompa13) wrote :

This is technically also a problem for Fedora, too, but we're able to ignore it for the moment, because package linting is advisory rather than a hard blocker to package builds.

But I'd like to switch Fedora back to file caps ASAP.
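
An added example, not part of the original report or snapd's code: a packaging-audit helper that tells apart the two privilege mechanisms discussed above, the setuid-root bit and file capabilities stored in the `security.capability` xattr. The sample blob and its capability set are constructed for illustration and are not snap-confine's actual requirements; `audit()` and `classify()` are hypothetical helper names.

```python
import os
import stat
import struct

# Values from the kernel's include/uapi/linux/capability.h
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
U32_PAIRS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}  # revision -> (permitted, inheritable) pairs
CAP_NAMES = {0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 6: "CAP_SETGID",
             7: "CAP_SETUID", 18: "CAP_SYS_CHROOT", 21: "CAP_SYS_ADMIN"}  # subset only

def decode_file_caps(blob):
    """Decode a raw security.capability xattr (little-endian vfs_cap_data)."""
    if len(blob) < 4:
        raise ValueError("xattr too short")
    (magic,) = struct.unpack_from("<I", blob, 0)
    pairs = U32_PAIRS.get(magic & VFS_CAP_REVISION_MASK)
    if pairs is None or len(blob) < 4 + 8 * pairs:
        raise ValueError("unknown revision or truncated xattr")
    permitted = inheritable = 0
    for i in range(pairs):  # pair 0 holds caps 0-31, pair 1 holds caps 32-63
        p, inh = struct.unpack_from("<II", blob, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    names = lambda bits: sorted(CAP_NAMES.get(n, f"cap_{n}") for n in range(64) if bits >> n & 1)
    return {"effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE),
            "permitted": names(permitted), "inheritable": names(inheritable)}

def classify(mode, uid, cap_blob):
    """Report which privilege mechanism an executable relies on."""
    setuid_root = bool(mode & stat.S_ISUID) and uid == 0
    has_caps = cap_blob is not None and bool(decode_file_caps(cap_blob)["permitted"])
    if setuid_root and has_caps:
        return "setuid-root+file-capabilities"
    return "setuid-root" if setuid_root else "file-capabilities" if has_caps else "unprivileged"

def audit(path):
    """Classify a file on disk (Linux only; a missing xattr means no file caps)."""
    st = os.lstat(path)
    try:
        blob = os.getxattr(path, "security.capability", follow_symlinks=False)
    except OSError:
        blob = None
    return classify(st.st_mode, st.st_uid, blob)

# Constructed sample: revision 2, effective flag set, permitted = caps 18 and 21.
SAMPLE_BLOB = struct.pack("<IIIII", 0x02000001, (1 << 18) | (1 << 21), 0, 0, 0)
```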

Zygmunt Krynicki (zyga) wrote : Re: [Bug 1657098] Re: snap-confine cannot be setuid root on openSUSE

This could use some kernel person hand-holding the caps build and
trying to figure out why the permission denied error is returned while
holding all the (seemingly) relevant capabilities.

On Tue, Apr 18, 2017 at 12:16 PM, Neal Gompa <email address hidden> wrote:
> This is technically also a problem for Fedora, too, but we're able to
> ignore it for the moment, because package linting is advisory rather
> than a hard blocker to package builds.
>
> But I'd like to switch Fedora back to file caps ASAP.

Zygmunt Krynicki (zyga) wrote :

I don't think we are going to realistically implement this anytime soon. Closing.

Changed in snapd:
status: Confirmed → Won't Fix