2017-01-04 13:04:38 |
Olivier Tilloy |
description |
(initially reported at https://lists.ubuntu.com/archives/snapcraft/2017-January/002222.html)
I’m snapping an app that makes use of semaphores¹ and seeing an AppArmor denial. The glibc implementation of sem_open calls SHM_GET_NAME(EINVAL,SEM_FAILED,SEM_SHM_PREFIX) where SEM_SHM_PREFIX is "sem.", so it tries to create /dev/shm/sem.{name}, which fails because snapd only allows /dev/shm/snap.@{SNAP_NAME}.**.
At a quick glance, there’s no mechanism (e.g. env var) to customize the prefix ("sem.").
/dev/shm/sem.* could be namespaced by snap name by allowing /dev/shm/sem.snap.@{SNAP_NAME}.*
¹ http://manpages.ubuntu.com/manpages/xenial/en/man7/sem_overview.7.html |
|
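The following is an added example, not part of the original report and not code from glibc or snapd. It models the name-to-path mapping described above and checks the resulting path against the current rule and the proposed rule. The snap name "myapp", the semaphore names, and the use of fnmatch() as a stand-in for AppArmor globbing are assumptions made for illustration.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of glibc's sem_open() name handling: leading slashes
 * are dropped, empty names and names containing '/' are rejected (EINVAL
 * in glibc), and the backing file is /dev/shm/sem.<name>. */
static int sem_shm_path(const char *name, char *out, size_t outlen)
{
    while (*name == '/')
        name++;
    if (*name == '\0' || strchr(name, '/') != NULL)
        return -1;
    int n = snprintf(out, outlen, "/dev/shm/sem.%s", name);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Rules from the report with @{SNAP_NAME} expanded by hand.
 * proposed == 0: /dev/shm/snap.@{SNAP_NAME}.**    (what snapd allows)
 * proposed == 1: /dev/shm/sem.snap.@{SNAP_NAME}.* (suggested addition)
 * fnmatch() only approximates AppArmor globs; that is adequate here
 * because semaphore names cannot contain '/'. */
int sem_allowed(int proposed, const char *snap, const char *name)
{
    char path[256], pattern[256];
    if (sem_shm_path(name, path, sizeof path) != 0)
        return 0;
    int n = snprintf(pattern, sizeof pattern, "%s%s%s",
                     proposed ? "/dev/shm/sem.snap." : "/dev/shm/snap.",
                     snap, proposed ? ".*" : ".**");
    if (n <= 0 || (size_t)n >= sizeof pattern)
        return 0;
    return fnmatch(pattern, path, FNM_PATHNAME) == 0;
}

int main(void)
{
    /* Constructed semaphore names, as a snap called "myapp" might pass them. */
    const char *names[] = { "/mysem", "/snap.myapp.mysem", "/snap.other.mysem" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-20s current=%d proposed=%d\n", names[i],
               sem_allowed(0, "myapp", names[i]),
               sem_allowed(1, "myapp", names[i]));
    return 0;
}
```

Under the proposed rule only names that the application itself prefixes with snap.myapp. are permitted, so one snap cannot open another snap's semaphores.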