| 2022-05-13 13:27:08 |
Alberto Mardegan |
description |
All snaps fail to start when the current working directory is under a sshfs tree:
/tmp/test$ hello-world
cannot open path of the current working directory: Permission denied
The reason is that sshfs by default disallows the root user (or any user other than the one who created the mount) from accessing the mounted file system, and snap-confine is a setuid program which before dropping its privileges tries to open the current working directory and terminates if that operation fails:
In sc_preserve_and_sanitize_process_state():
proc_state->orig_cwd_fd =
openat(AT_FDCWD, ".",
O_PATH | O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW);
if (proc_state->orig_cwd_fd < 0) {
die("cannot open path of the current working directory");
}
There are workarounds for this situations: one can add the "user_allow_other" option to /etc/fuse.conf and call sshfs with the "-o allow_root" option, and this will allow snaps to start, yet it's a suboptimal experience.
We could try to move this part of code a bit later, after having dropping the privileges. I also tried using get_current_dir_name() + chdir() instead, but while the first call works (because it uses the $PWD variable) the other one fails with EACCES. |
All snaps fail to start when the current working directory is under a sshfs tree:
/tmp/test$ hello-world
cannot open path of the current working directory: Permission denied
The reason is that sshfs by default disallows the root user (or any user other than the one who created the mount) from accessing the mounted file system, and snap-confine is a setuid program which before dropping its privileges tries to open the current working directory and terminates if that operation fails:
In sc_preserve_and_sanitize_process_state():
proc_state->orig_cwd_fd =
openat(AT_FDCWD, ".",
O_PATH | O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW);
if (proc_state->orig_cwd_fd < 0) {
die("cannot open path of the current working directory");
}
There are workarounds for this situations: one can add the "user_allow_other" option to /etc/fuse.conf and call sshfs with the "-o allow_root" option, and this will allow snaps to start, yet it's a suboptimal experience.
Possible solutions:
A) Move this part of code a bit later, after having dropping the privileges.
B) Drop the privileges before making this call, and restore them afterwards.
C) Use get_current_dir_name() to get the directory name if openat() fails, then restore it using chdir(). |
|
