classic confinement reexec and using the snap command *inside* the snap
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
snapd | Fix Released | Critical | Zygmunt Krynicki | |
Bug Description
Doing a `snap install conjure-up --classic` on a fresh 16.04.02 system with snapd 2.25 installed causes snapd to update itself to 2.26.9, breaking classic snap installs that use the "snap" command inside their classic confinement in the process.
This is the forum post related to this bug:
https:/
And the related PR
https:/
This was the last post from zyga during the writing of this bug:
```
So I think this is going on:
zyga@fyke:
snap 2.26.9
snapd 2.26.9
series 16
ubuntu 16.04
kernel 4.8.0-58-generic
Now let's run a shell of a snap with classic confinement:
zyga@fyke:
zyga@fyke:
snap 2.25
snapd 2.26.9
series 16
ubuntu 16.04
kernel 4.8.0-58-generic
What just happened? We are still in the main mount namespace so /usr/bin/snap is the distro version. We have however set SNAP_DID_REEXEC=1 and SNAP_REEXEC= so subsequent invocations of snap will just run from the distro package and never attempt to re-exec into the core snap.
This means that classic confinement snaps will use the wrong snap, the wrong snap-confine and won't understand snap-seccomp.
```
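A diagnostic for the condition described in the post above, as an added example that is not part of the original report or of snapd: it compares the client and daemon lines of `snap version` output and checks whether the shell inherited the two re-exec variables the post names. The function names and the `--live` switch are hypothetical; the sample outputs are copied from the post.

```shell
#!/bin/sh
# Added diagnostic example (hypothetical helper names; not snapd code).

# Print the version on the line whose first field is $1 ("snap" or "snapd"),
# reading `snap version` output from stdin.
version_field() {
    awk -v key="$1" '$1 == key { print $2; exit }'
}

# Return 0 when the client and daemon versions in the output ($1) differ.
snap_version_mismatch() {
    client=$(printf '%s\n' "$1" | version_field snap)
    daemon=$(printf '%s\n' "$1" | version_field snapd)
    [ -n "$client" ] && [ -n "$daemon" ] && [ "$client" != "$daemon" ]
}

# Return 0 when the environment carries the markers named in the post:
# SNAP_DID_REEXEC=1 and SNAP_REEXEC set (an empty value still counts as set).
reexec_markers_inherited() {
    [ "${SNAP_DID_REEXEC:-}" = "1" ] && [ "${SNAP_REEXEC+set}" = "set" ]
}

# Print "ok", "mismatch" (versions differ, no markers) or "stale-reexec"
# (versions differ and the re-exec markers were inherited).
diagnose() {
    if snap_version_mismatch "$1"; then
        if reexec_markers_inherited; then echo "stale-reexec"; else echo "mismatch"; fi
    else
        echo "ok"
    fi
}

# Sample inputs: the two outputs quoted in the post, embedded for offline use.
HOST_OUT='snap 2.26.9
snapd 2.26.9
series 16
ubuntu 16.04
kernel 4.8.0-58-generic'
CLASSIC_OUT='snap 2.25
snapd 2.26.9
series 16
ubuntu 16.04
kernel 4.8.0-58-generic'

# Pass --live to check the current shell against the real `snap version`.
if [ "${1:-}" = "--live" ]; then diagnose "$(snap version)"; fi
```

Run with `--live` from a shell inside the classic snap; `stale-reexec` corresponds to the second output in the post.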
tags: added: conjure
summary:
- classic confinement reexec
+ classic confinement reexec and using the snap command *inside* the snap
description: updated
Changed in snapd:
status: New → In Progress
importance: Undecided → Critical
assignee: nobody → Zygmunt Krynicki (zyga)
Changed in snapd:
status: In Progress → Fix Released
I have tested the beta core snap and can confirm conjure-up is able to work again.
Thank you,
Adam