snapd

Scripts in core snap attempt to do things impossible under confinement and die

Bug #1779416 reported by Kyle Fazzari on 2018-06-29

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	snapd	Fix Released	Undecided	Unassigned

Bug Description

The core snap contains a shell script at /snap/core/current/lib/lsb/init-functions. This script ends with the following line:

[ -e /etc/lsb-base-logging.sh ] && . /etc/lsb-base-logging.sh || true

This script is also available for running from confined snaps, and it is actually used (e.g. by mysql). However, this last line causes the script to exit non-zero if /etc/lsb-base-logging.sh actually exists: apparmor leaks stats, which means [ -e /etc/lsb-base-logging.sh ] succeeds under strict confinement if the file actually exists, but then . /etc/lsb-base-logging.sh fails due to a lack of permissions, causing /snap/core/current/lib/lsb/init-functions to exit non-zero, which causes mysql to crash as well.

May I suggest removing that line? It can never succeed under confinement, and only causes problems. Classic confinement will be using the host's lib/lsb/init-functions, so that shouldn't be a concern.

See original description

Kyle Fazzari (kyrofa) on 2018-06-29

description:	updated
description:	updated
description:	updated

Revision history for this message

Michael Vogt (mvo) wrote on 2018-08-31:

This is being worked on in:

https://github.com/snapcore/core18/pull/65
https://github.com/snapcore/core/pull/95

Changed in snapd:
status:	New → In Progress

Revision history for this message

Michael Vogt (mvo) wrote on 2018-11-14:

This is fixed now in core.

Changed in snapd:
status:	In Progress → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.