core snap/amd64: dynamic linker unusable in classic confinement when using Zesty

Bug #1684063 reported by James Henstridge
This bug affects 1 person

Affects | Status | Importance | Assigned to | Milestone
snapd | Fix Released | Undecided | Unassigned |

Bug Description

From what I can tell, the intention is that classic confinement snaps should be linked such that they use /snap/core/current/lib64/ld-linux-x86-64.so.2 as the dynamic linker (or whatever the variant is for other architectures).

This doesn't work for me using revision 1577 of the core snap (stable channel) on Zesty, since that location is a dangling symlink. It points at "/lib/x86_64-linux-gnu/ld-2.23.so" (a path belonging to the underlying system in classic mode), which doesn't exist because Zesty ships with glibc 2.24.

This symbolic link should instead be a relative path so it points to the dynamic linker within the core snap no matter whether you're running in classic or strict confinement.

Oliver Grawert (ogra) wrote :

But that would mean classic snaps would always use the in-core linker and never the system one ... isn't using the system linker one of the features classic snaps are used for?

Perhaps that should rather be handled by snap-confine, i.e. it could bind mount the host's linker on top of the core one if classic confinement is used ...

Zygmunt Krynicki (zyga) wrote :

The principle behind classic confinement is that we don't bind mount anything (we cannot as that would leak to the system) and that we run everything from the core snap so the actual distribution doesn't matter.

Properly built snaps using classic confinement should use the dynamic linker from the core snap. If this doesn't work, then snapcraft should be fixed and affected snaps should be re-built.

James Henstridge (jamesh) wrote :

It looks like snapcraft tried to work around this bug in the core snap with https://github.com/snapcore/snapcraft/pull/1189, which ignores the core snap linker if it is a broken symlink.

So if the core snap is fixed to make this a relative symlink, rebuilding should fix any affected snaps. Of course, any classic confinement snaps built on Xenial should be fine since the symlink will be valid.

Michael Vogt (mvo) wrote :
Changed in snapd:
status: New → In Progress
Changed in snapd:
status: In Progress → Fix Released
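
The symlink behaviour discussed in this report can be reproduced without a real core snap. The script below is an added example, not part of the bug thread or of snapd/snapcraft: it builds a constructed directory tree in a temporary location, with `$host` standing in for a Zesty root that only ships ld-2.24.so, and assumes the core snap keeps its own linker at lib/x86_64-linux-gnu/ld-2.23.so. It classifies the lib64 link first with an absolute target, then with the relative target proposed in the description.

```shell
#!/bin/sh
# Added example: classify a dynamic-linker symlink as absolute/relative and
# resolving/dangling. Helper names and the temporary layout are constructed.

classify_link() {
    link=$1
    if [ ! -L "$link" ]; then
        echo "not-a-symlink"
        return 0
    fi
    target=$(readlink "$link")
    case $target in
        /*) kind=absolute ;;   # resolved against the root the process sees
        *)  kind=relative ;;   # resolved against the link's own directory
    esac
    # -e follows the link, so it is false when the target is missing
    if [ -e "$link" ]; then state=resolves; else state=dangling; fi
    echo "$kind $state"
}

demo() {
    tmp=$(mktemp -d)
    core="$tmp/snap/core/current"   # stand-in for the mounted core snap
    host="$tmp/host"                # stand-in for a Zesty host root (glibc 2.24)
    mkdir -p "$core/lib64" "$core/lib/x86_64-linux-gnu" "$host/lib/x86_64-linux-gnu"
    : > "$core/lib/x86_64-linux-gnu/ld-2.23.so"   # linker inside the core snap (assumed path)
    : > "$host/lib/x86_64-linux-gnu/ld-2.24.so"   # the only linker the host ships
    link="$core/lib64/ld-linux-x86-64.so.2"

    # As reported: an absolute target is looked up on the host, which has no ld-2.23.so
    ln -s "$host/lib/x86_64-linux-gnu/ld-2.23.so" "$link"
    before=$(classify_link "$link")

    # As proposed: a relative target stays inside the core snap on any host
    rm "$link"
    ln -s "../lib/x86_64-linux-gnu/ld-2.23.so" "$link"
    after=$(classify_link "$link")

    rm -rf "$tmp"
    echo "$before -> $after"
}

demo
```

On an installed system, `classify_link /snap/core/current/lib64/ld-linux-x86-64.so.2` reports the state of the real link.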