Access to /dev/shm/sem.snap.@{SNAP_NAME}.* should be allowed for semaphores to work
Bug #1653955 reported by
Olivier Tilloy
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Snappy |
Fix Released
|
Medium
|
Jamie Strandboge |
Bug Description
(initially reported at https:/
I’m snapping an app that makes use of semaphores¹ and seeing an apparmor denial. The glibc implementation of sem_open calls SHM_GET_
snapd only allows /dev/shm/
At a quick glance, there’s no mechanism (e.g. env var) to customize the prefix ("sem.").
/dev/shm/sem.* could be namespaced by snap name by allowing /dev/shm/
¹ http://
tags: | added: snapd-interface |
Changed in snappy: | |
status: | New → Confirmed |
description: | updated |
Changed in snappy: | |
status: | Confirmed → Triaged |
importance: | Undecided → Medium |
assignee: | nobody → Jamie Strandboge (jdstrand) |
Changed in snappy: | |
status: | Triaged → In Progress |
Changed in snappy: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
This will be fixed in snapd 2.21.