The remapped $HOME directory shows as read-only to applications running in a snap

Bug #1577472 reported by Christopher Townsend
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone
snapd | Expired | Undecided | Unassigned |

Bug Description

I have created a snap with the home interface included and connected. $HOME is remapped to a different location during snap install. When an application tries to write to the new location, it says it is read-only and fails.

Zygmunt Krynicki (zyga) wrote :

I just made a test snap that has the home interface and I cannot reproduce this bug.

snapcraft.yaml:

name: ifaces-demo-home
version: 0.1
summary: Example snap using the home interface
description: |
    This is an example snap for teaching developers about app confinement and
    interfaces. In particular, this snap focuses on the "home" interface that
    grants access to most of the users' home directory
apps:
    ifaces-demo-home:
        command: busybox
plugs:
    home:
parts:
    shell:
        plugin: nil
        stage-packages: [busybox-static]

Build, install and connect the snap:

$ snapcraft
$ sudo snap install --devmode ./ifaces-demo-home_0.1_amd64.snap
$ sudo snap connect ifaces-demo-home:home ubuntu-core:home

Then you should be able to run a shell with:

$ ifaces-demo-home sh

Inside the shell you can inspect the environment. As you should be able to see, the $HOME variable is altered:

~/Dokumenty/Snaps/home-demo $ echo $HOME
/home/zyga/snap/ifaces-demo-home/100001

I think it is an interesting bug, if HOME should be altered in this case. I think it should but we should also expose OLD_HOME or something like that (maybe SNAP_USER_HOME).

Quick experiments (mkdir, cat, etc) will show you that the process indeed has access to most of the files in the home directory. Dot files are not allowed. I would perhaps argue that we should allow reading .config/user-dirs.dirs OR perhaps read it from ubuntu-core-launcher and set the relevant XDG variables directly.

Changed in snappy:
status: New → Incomplete
Zygmunt Krynicki (zyga) wrote :

I'm marking this bug as incomplete as clearly the stated problem doesn't exist (though other problems are interesting spin-offs). Please advise as to what you'd like to see done.

Christopher Townsend (townsend) wrote :

> Dot files are not allowed.

This is what is messing up my snap. I did not realize this, and when the app fails to create its config file under ~/.config, it reports back read-only, which is why I assumed the whole directory is read-only.

Zygmunt Krynicki (zyga) wrote : Re: [Bug 1577472] Re: The remapped $HOME directory shows as read-only to applications running in a snap

~/.config will actually be under the app's special private home
directory. Perhaps the home interface is interfering with that. Let me
check.


Christopher Townsend (townsend) wrote :

I seem to have the same problem regardless if I have the home interface connected or not.

I have 5 apps in a chroot that are in the snap. These apps are Firefox, LibreOffice, Gedit, Gimp, and Xchat.

Here is an error that Gimp outputs on start up:

GIMP-Error: Could not open '/home/townsend/snap/puritine/100001/.gimp-2.8/themerc' for writing: Read-only file system

I also have Firefox and it fails due to not being able to create the user's Firefox config file. Other apps like LibreOffice also fail, but do not give specifics, but I imagine it's also not being able to write its config data.

Zygmunt Krynicki (zyga) wrote :

Can you tell me more about your filesystem arrangement? Is this on the
16.04 desktop (or on series-16 IoT images)? Is your home directory in
/home/ or do you have some magic (symlinks/bindmounts/etc)?

Can you please attach a copy of your syslog?

Christopher Townsend (townsend) wrote :

Yes, this is the 16.04 desktop. I have /home in its normal place and no special mounts or symlinks. Basically, a standard Ubuntu desktop install.

I've attached the syslog as requested.

Zygmunt Krynicki (zyga) wrote :

I had a look at the attached syslog and apart from a lot of dbus work (which will need an interface most likely) I cannot see anything suspicious. Can you try to reduce this snap to a smaller test case that shows you get EROFS returned (read-only file system) when trying to access stuff in $HOME?

Zygmunt Krynicki (zyga) wrote :

One more thing I can offer is to inspect your snap. If you can share
it with me (perhaps in private). Join IRC (my nickname is zyga) if
you can or email me at <email address hidden>.


Zygmunt Krynicki (zyga) wrote :

I now have the snap in question, I will analyse the problem in more detail.

Changed in snappy:
status: Incomplete → In Progress
assignee: nobody → Zygmunt Krynicki (zyga)
tags: added: snapd-interface
Zygmunt Krynicki (zyga) wrote :

Is this issue still a problem?

Changed in snappy:
status: In Progress → Incomplete
assignee: Zygmunt Krynicki (zyga) → nobody
Launchpad Janitor (janitor) wrote :

[Expired for Snappy because there has been no activity for 60 days.]

Changed in snappy:
status: Incomplete → Expired
Ivaylo Mateev (imateev) wrote :

I have the same problem on Ubuntu 16.04.1.

cannot create user data directory: /datapool/Users/im/snap/hello-world/27: Read-only file system

The system is installed on btrfs.

Ivaylo Mateev (imateev)
Changed in snappy:
status: Expired → New
status: New → Confirmed
Jonatã Bolzan Loss (jbopen) wrote :

Same behavior here. It is not able to create /home/username/snap/test/x1/.config directory.

Jamie Strandboge (jdstrand) wrote :

@Ivaylo, your issue is that your home directory is not in the standard location and is https://bugs.launchpad.net/snapcraft/+bug/1620771

Jonatã, I suspect your issue is that /home/username/snap is owned by root. Can you confirm?

Zygmunt, did you have a chance to look at this?

affects: snappy → snapd
Changed in snapd:
status: Confirmed → Incomplete
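
A small probe that separates the causes raised in this thread (EROFS versus a plain permission error, a root-owned ~/snap, a home directory outside /home). It is an added example, not part of the original report and not snapd code; the function names are hypothetical, and it assumes a POSIX shell with ls, awk, mkdir and touch available.

```shell
#!/bin/sh
# Added diagnostic sketch, not snapd code; all function names are hypothetical.

# Map an error line to the errno it reports, so "read-only" (EROFS) is not
# confused with a plain permission problem (EACCES).
classify_error() {
    case "$1" in
        "")                        echo OK ;;
        *"Read-only file system"*) echo EROFS ;;
        *"Permission denied"*)     echo EACCES ;;
        *)                         echo OTHER ;;
    esac
}

# Numeric owner of a path (third column of POSIX `ls -ldn`).
owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# The thread treats a home directory under /home as the standard layout.
home_layout() {
    case "$1" in
        /home/*) echo standard ;;
        *)       echo nonstandard ;;
    esac
}

# Create a dot-directory and a file in it, as an app writing ~/.config would,
# and report which errno (if any) came back.
write_probe() {
    probe="$1/.probe-$$"
    err=$(LC_ALL=C mkdir "$probe" 2>&1 && LC_ALL=C touch "$probe/f" 2>&1) || true
    rm -rf -- "$probe"
    classify_error "$err"
}

# Run every check against one home directory and its snap/ subdirectory.
diagnose() {
    target="$1"
    echo "home layout: $(home_layout "$1")"
    if [ -d "$1/snap" ]; then
        target="$1/snap"
        echo "snap dir owner uid: $(owner_uid "$target") (current uid: $(id -u))"
    fi
    echo "write probe on $target: $(write_probe "$target")"
}

# Usage: sh probe.sh run [HOME_DIR]
if [ "${1:-}" = run ]; then diagnose "${2:-$HOME}"; fi
```

Run it once from a normal terminal and once from a shell inside the snap; a result that differs between the two points at confinement rather than at the filesystem itself.
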
Launchpad Janitor (janitor) wrote :

[Expired for snapd because there has been no activity for 60 days.]

Changed in snapd:
status: Incomplete → Expired