snap stop --disable svc with socket doesn't disable the socket
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
snapd |
Confirmed
|
Medium
|
Unassigned |
Bug Description
With a service/daemon in a snap declared with a socket to be socket activated, if the service is active, snap stop --disable will not disable the socket activation and thus the service can still be activated/started via the socket.
To reproduce:
1. Install a snap that declares a socket
2. Run `snap stop --disable $SNAP.$SVC`
3. Observe the service is reported as disabled by `snap services $SNAP.$SVC`
4. Write to the snap service's socket with a tool like curl or nc.
5. Observe the service is now active with `snap services $SNAP.$SVC`
Note that the solution here may not be obvious, it might be that in order to stop/disable a service's sockets a different command or option needs to be used, because as per https:/
Regardless of what command option we use to disable the socket, there should be a `snap stop` command that can disable a service's socket because there currently is not (you have to use systemctl to disable it currently which isn't a solution because you can't use that from inside a snap with snapctl for instance).
Changed in snapd: | |
assignee: | nobody → Ian Johnson (anonymouse67) |
Changed in snapd: | |
status: | New → Triaged |
importance: | Undecided → Medium |
Changed in snapd: | |
status: | In Progress → Confirmed |
Changed in snapd: | |
assignee: | Ian Johnson (anonymouse67) → nobody |
We discussed this in Paris, and for now we will make `snap stop --disable svc-with-sockets` disable all sockets for a service.
At some point in the future we will add the ability to disable individual sockets