x11 plug doesn't allow getsockname, breaks xeyes

Bug #1574526 reported by Chad Miller
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Snappy
High
Zygmunt Krynicki

Bug Description

$ cat snapcraft.yaml
name: xeyes
version: 1
description: eyes
summary: toy
apps:
 xeyes:
  command: usr/bin/xeyes
  plugs: [ x11 ]
parts:
 pkg:
  plugin: nil
  stage-packages: [ x11-apps ]

$ sudo snap install xeyes_1_amd64.snap

$ /snap/bin/xeyes
Bad system call

$ sudo snap remove xeyes; sudo snap install xeyes_1_amd64.snap --devmode

$ dmesg

[14679.559162] audit: type=1400 audit(1461575043.232:81): apparmor="DENIED" operation="open" profile="/usr/bin/ubuntu-core-launcher" name="/home/.ecryptfs/cmiller/.Private/" pid=17382 comm="ubuntu-core-lau" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=1000
[14679.559225] audit: type=1400 audit(1461575043.232:82): apparmor="DENIED" operation="open" profile="/usr/bin/ubuntu-core-launcher" name="/home/.ecryptfs/cmiller/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWb4VZJUL514cESvVcp5DUiJnlmnLbK3jZjVm2NAu0yQBQyD7yyIFBnaJE--/" pid=17382 comm="ubuntu-core-lau" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=1000
[14679.559280] audit: type=1400 audit(1461575043.232:83): apparmor="DENIED" operation="open" profile="/usr/bin/ubuntu-core-launcher" name="/home/.ecryptfs/cmiller/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWb4VZJUL514cESvVcp5DUiJnlmnLbK3jZjVm2NAu0yQBQyD7yyIFBnaJE--/ECRYPTFS_FNEK_ENCRYPTED.FWb4VZJUL514cESvVcp5DUiJnlmnLbK3jZjVSLLqGjPZbPkisPnF3LfOn---/" pid=17382 comm="ubuntu-core-lau" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=1000
[14679.559345] audit: type=1400 audit(1461575043.232:84): apparmor="DENIED" operation="open" profile="/usr/bin/ubuntu-core-launcher" name="/home/.ecryptfs/cmiller/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWb4VZJUL514cESvVcp5DUiJnlmnLbK3jZjVm2NAu0yQBQyD7yyIFBnaJE--/ECRYPTFS_FNEK_ENCRYPTED.FWb4VZJUL514cESvVcp5DUiJnlmnLbK3jZjVSLLqGjPZbPkisPnF3LfOn---/ECRYPTFS_FNEK_ENCRYPTED.FWb4VZJUL514cESvVcp5DUiJnlmnLbK3jZjVCxyq5n0vRbI7ulhTVdrjek--/" pid=17382 comm="ubuntu-core-lau" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=1000

Chad Miller (cmiller)
description: updated
Revision history for this message
Chad Miller (cmiller) wrote :

Doesn't seem to be dependent on ecryptfs home.

Changed in snappy:
status: New → Invalid
Revision history for this message
Zygmunt Krynicki (zyga) wrote :

I just tried this locally and the issue seems to be "getsockname" which is not in the x11 interface.

tags: added: snappy-interfaces
summary: - snappy doesn't work with encrypted home directory
+ x11 plug doesn't allow getsockname, breaks xeyes
Changed in snappy:
status: Invalid → Confirmed
Revision history for this message
Zygmunt Krynicki (zyga) wrote :
Changed in snappy:
assignee: nobody → Zygmunt Krynicki (zyga)
Michael Vogt (mvo)
Changed in snappy:
milestone: none → sru-1
importance: Undecided → High
status: Confirmed → In Progress
status: In Progress → Fix Committed
Revision history for this message
Adam Conrad (adconrad) wrote : Please test proposed package

Hello Chad, or anyone else affected,

Accepted snapd into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/snapd/2.0.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-needed
John Lenton (chipaca)
tags: added: verification-done
removed: verification-needed
Revision history for this message
Steve Langasek (vorlon) wrote : Update Released

The verification of the Stable Release Update for snapd has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Michael Vogt (mvo)
Changed in snappy:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers