Access to /dev/shm/sem.snap.@{SNAP_NAME}.* should be allowed for semaphores to work

Bug #1653955 reported by Olivier Tilloy
This bug affects 2 people
Affects: Snappy
Status: Fix Released
Importance: Medium
Assigned to: Jamie Strandboge

Bug Description

(initially reported at https://lists.ubuntu.com/archives/snapcraft/2017-January/002222.html)

I’m snapping an app that makes use of semaphores¹ and seeing an apparmor denial. The glibc implementation of sem_open calls SHM_GET_NAME(EINVAL,SEM_FAILED,SEM_SHM_PREFIX) where SEM_SHM_PREFIX is "sem.", so it tries to create /dev/shm/sem.{name}, which fails because snapd only allows /dev/shm/snap.@{SNAP_NAME}.**.
At a quick glance, there’s no mechanism (e.g. env var) to customize the prefix ("sem.").

/dev/shm/sem.* could be namespaced by snap name by allowing /dev/shm/sem.snap.@{SNAP_NAME}.*

¹ http://manpages.ubuntu.com/manpages/xenial/en/man7/sem_overview.7.html
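
The name-to-path mapping described in the report, and a check of the resulting path against the proposed /dev/shm/sem.snap.@{SNAP_NAME}.* rule, as an added example that is not part of the original report or of snapd. The helper names, the sample semaphore names and the fallback snap name "my-app" are assumptions, and the rule check is a simplified stand-in for AppArmor's glob matching.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Backing file glibc uses for a named semaphore: leading '/' characters are
 * dropped and "sem." is prefixed under /dev/shm (see sem_overview(7)).
 * Returns 0 on success, -1 for names sem_open() would reject or that do not fit. */
int sem_backing_path(const char *name, char *out, size_t outlen)
{
    while (*name == '/')
        name++;
    if (*name == '\0' || strchr(name, '/') != NULL)
        return -1;
    int n = snprintf(out, outlen, "/dev/shm/sem.%s", name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Simplified check against /dev/shm/sem.snap.@{SNAP_NAME}.* (assumption: the
 * AppArmor '*' glob does not cross '/', so the tail must be a single component). */
int allowed_by_snap_rule(const char *path, const char *snap_name)
{
    char prefix[256];
    int n = snprintf(prefix, sizeof prefix, "/dev/shm/sem.snap.%s.", snap_name);
    if (n < 0 || (size_t)n >= sizeof prefix)
        return 0;
    if (strncmp(path, prefix, (size_t)n) != 0)
        return 0;
    return strchr(path + n, '/') == NULL;
}

int main(void)
{
    /* SNAP_NAME is set inside a snap; "my-app" is a constructed fallback. */
    const char *snap = getenv("SNAP_NAME");
    if (snap == NULL)
        snap = "my-app";

    /* Constructed sample names as they would be passed to sem_open(). */
    const char *names[] = { "/lock", "/snap.my-app.lock", "/snap.my-app2.lock" };
    char path[512];

    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        if (sem_backing_path(names[i], path, sizeof path) != 0)
            continue;
        printf("%-22s -> %-34s %s\n", names[i], path,
               allowed_by_snap_rule(path, snap) ? "allowed" : "denied");
    }
    return 0;
}
```

An application confined by the snap profile would need to name its semaphores /snap.$SNAP_NAME.<suffix> for the backing file to fall under the proposed rule.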

Zygmunt Krynicki (zyga)
tags: added: snapd-interface
Changed in snappy:
status: New → Confirmed
Olivier Tilloy (osomon)
description: updated
Changed in snappy:
status: Confirmed → Triaged
importance: Undecided → Medium
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in snappy:
status: Triaged → In Progress
Jamie Strandboge (jdstrand) wrote :

This will be fixed in snapd 2.21.

Changed in snappy:
status: In Progress → Fix Committed
Michael Vogt (mvo)
Changed in snappy:
status: Fix Committed → Fix Released