snapd

  1. Bug #1669477
  2. Comment #1

Comment 1 for bug 1669477

Revision history for this message
Pat McGowan (pat-mcgowan) wrote :

From the duplicate
To reproduce this issue.
1. Fetch the source code from here
    http://bazaar.launchpad.net/~gary-wzl77/+junk/test-hooks/files
2. snap the project
    snapcraft && sudo snap install --devmode hooks_0.1_amd64.snap
3. run the following command
   sudo hooks.test
5. goto ${SNAP_DATA}/hooks/current to check new folder's owner(It's an expected result)
   drwxr-xr-x 2 daemon daemon 4096 3月 9 15:39 new_folder
6. disalbe and enable the snap
   sudo snap disable hooks && sudo snap enable hooks
7. run the test command again
   /snap/hooks/x1/bin/test: 11: /snap/hooks/x1/bin/test: chown: Permission denied

chown syscall is allowed in devmode but forbidden in strict confinement mode at this moment due to the bug.
https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1581310

So from the above step, devmode capability is dropped after running snap enable/disable and the snap has become a strict confinement snap.