snapd

"Permission denied" when attempting to read `/proc/net/ipv6_route`

Bug #2067923 reported by Gabriel Mougard on 2024-06-03

This bug report will be marked for expiration in 37 days if no further activity occurs. (find out why)

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	snapd	Incomplete	Undecided	Unassigned

Bug Description

In the MicroCloud project (https://github.com/canonical/microcloud/pull/248), we are reading `/proc/net/route` in order to get IPv4 routing information for our FAN networking setup. Reading this file works well, but when we try to read `/proc/net/ipv6_route` (when IPv4 subnet gw discovery fails), we get 'open `/proc/net/ipv6_route`: permission denied'. We saw this issue rise in our GitHub runner as part of our CI pipeline. This is strange as both files seem to be world readable and convey the same information.

Here is our `snapcraft.yaml` for MicroCloud:

```yaml
name: microcloud
base: core22
assumes:
- snapd2.59
version: git
grade: devel
source-code: https://github.com/canonical/microcloud.git
summary: Fully automated private clouds
description: |-
Fully automated private clouds.

confinement: strict

apps:
  # Service
  daemon:
    command: commands/daemon.start
    daemon: simple
    plugs:
      - lxd
      - microceph
      - microovn
      - network
      - network-bind

  # Commands
  microcloud:
    command: commands/microcloud
    plugs:
      - network

parts:
  dqlite:
    build-attributes: [core22-step-dependencies]
    after:
      - raft
    source: https://github.com/canonical/dqlite
    source-type: git
    source-depth: 1
    plugin: autotools
    autotools-configure-parameters:
      - --prefix=
    stage-packages:
      - libsqlite3-0
      - libuv1
    build-packages:
      - libsqlite3-dev
      - libuv1-dev
      - pkg-config
    organize:
      usr/lib/: lib/
    prime:
      - lib/libdqlite*so*
      - lib/*/libuv*

  raft:
    build-attributes: [core22-step-dependencies]
    source: https://github.com/canonical/raft
    source-type: git
    source-depth: 1
    plugin: autotools
    autotools-configure-parameters:
      - --prefix=
    stage-packages:
      - libuv1
      - liblz4-1
    build-packages:
      - libuv1-dev
      - liblz4-dev
      - pkg-config
    organize:
      usr/lib/: lib/
    prime:
      - lib/libraft*so*
      - lib/*/libuv.so*

  microcloud:
    build-attributes: [core22-step-dependencies]
    source: https://github.com/canonical/microcloud
    source-type: git
  source-depth: 1
    after:
      - dqlite
    build-snaps:
      - go
    plugin: nil
    override-pull: |
      craftctl default
      set -ex

      # Download the dependencies
      cd microcloud
      go get -d -v -tags=agent ./...
    override-build: |
      set -ex

      # Setup build environment
      export CGO_CFLAGS="-I${SNAPCRAFT_STAGE}/include/ -I${SNAPCRAFT_STAGE}/usr/local/include/"
      export CGO_LDFLAGS="-L${SNAPCRAFT_STAGE}/lib/ -L${SNAPCRAFT_STAGE}/usr/local/lib/"
      export CGO_LDFLAGS_ALLOW="(-Wl,-wrap,pthread_create)|(-Wl,-z,now)"

      # Build the binaries
      cd microcloud
      go build -trimpath -o "${SNAPCRAFT_PART_INSTALL}/bin/microcloud" -tags=agent ./cmd/microcloud
      go build -trimpath -o "${SNAPCRAFT_PART_INSTALL}/bin/microcloudd" -tags=agent,libsqlite3 ./cmd/microcloudd

      # Strip binaries
      strip -s "${SNAPCRAFT_PART_INSTALL}/bin/microcloud"
      strip -s "${SNAPCRAFT_PART_INSTALL}/bin/microcloudd"
    prime:
      - bin/microcloud
      - bin/microcloudd

  wrappers:
    plugin: dump
    source: snapcraft/

```

See original description

Gabriel Mougard (gabrielmougard) on 2024-06-03

description:

updated

Gabriel Mougard (gabrielmougard) on 2024-06-03

description:

updated

Gabriel Mougard (gabrielmougard) on 2024-06-03

description:

updated