snapd

consider better handling for .pyc files

Bug #1496895 reported by Jamie Strandboge on 2015-09-17

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	snapd	Triaged	Low	Unassigned

Bug Description

Python snaps are trying to manipulate .pyc files in the system and read-only install directories and the security policy has (or will very soon) explicit deny rules:

deny /usr/lib/python3*/{,**/}__pycache__/ w,
deny /usr/lib/python3*/{,**/}__pycache__/**.pyc.[0-9]* w,
deny @{CLICK_DIR}/@{APP_PKGNAME}/**.pyc w,

this violates the snappy FHS. For now, this is ok-- the security policy is blocking the access without logging and the apps will run fine. However, the .pyc files are not being utilized so perhaps there is a way that the .pyc files could be written out in SNAP_APP_DATA_PATH somewhere instead of the readonly areas?

Related branches

lp:ubuntu/wily-proposed/ubuntu-core-security

Jamie Strandboge (jdstrand) on 2015-09-18

Changed in ubuntu-core-security (Ubuntu):
status:	New → In Progress
importance:	Undecided → High
assignee:	nobody → Jamie Strandboge (jdstrand)
no longer affects:	ubuntu-core-security (Ubuntu)

Michael Vogt (mvo) on 2016-04-27

Changed in snappy:
status:	New → Triaged
importance:	Undecided → Low

Michael Vogt (mvo) on 2023-09-20

affects:

snappy → snapd

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.