XDG_RUNTIME_DIR is not created on app startup

Bug #1656340 reported by Marco Trevisan (Treviño) on 2017-01-13
This bug affects 8 people
Affects: Snappy; Importance: Undecided; Assigned to: Zygmunt Krynicki
Affects: snapd (Ubuntu); Importance: Undecided; Assigned to: Unassigned

Bug Description

Steps to reproduce:
1. Install Ubuntu 16.04 LTS
2. Install a test application such as Notepadqq - `snap install notepadqq`
3. Try to launch it as root

$ which notepadqq
/snap/bin/notepadqq

$ sudo snap run notepadqq
mkdir: cannot create directory '/run/user/0': Permission denied
No protocol specified
QXcbConnection: Could not connect to display :0.0
Aborted (core dumped)

$ pkexec snap run notepadqq
mkdir: cannot create directory '/run/user/0': Permission denied
QXcbConnection: Could not connect to display
Aborted (core dumped)

$ sudo notepadqq
mkdir: cannot create directory '/run/user/0': Permission denied
No protocol specified
QXcbConnection: Could not connect to display :0.0
Aborted (core dumped)

$ gksudo notepadqq
No protocol specified
QXcbConnection: Could not connect to display :0.0

$ sudo -u www-data notepadqq /var/www/html/index.html
2018/02/25 22:40:11.162682 cmd_run.go:562: WARNING: cannot create user data directory: cannot create "/var/www/snap/notepadqq/115": mkdir /var/www/snap: permission denied
cannot create user data directory: /var/www/snap/notepadqq/115: Read-only file system

Expected results:
user is able to run snap-installed program as root

Expected results:
user is unable to run snap-installed program as root

Note:
first seen on AskUbuntu ( https://askubuntu.com/q/1009698/66509 ).

----

XDG_RUNTIME_DIR is now properly set, but... The dir isn't created by default.
This should be done on launch.

Apps that have this environment variable set expect the path to be there (as normally it is in a location that the user can't edit /run/user)...

marco@ubuntu-vmware:~:0$ snap run --shell test-snap
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

marco@ubuntu-vmware:/home/marco$ echo $XDG_RUNTIME_DIR
/run/user/1000/snap.qt5-systray
marco@ubuntu-vmware:/home/marco$ ls $XDG_RUNTIME_DIR
ls: cannot access '/run/user/1000/snap.qt5-systray': No such file or directory

affects: snap-confine → snapd
Changed in snapd:
status: New → Confirmed
Zygmunt Krynicki (zyga) on 2017-01-13
Changed in snapd:
assignee: nobody → Zygmunt Krynicki (zyga)
Jamie Strandboge (jdstrand) wrote :

This bug should definitely be fixed, but note that snaps are allowed to create /run/user/1000/snap.$SNAP_NAME by this rule:

owner /{dev,run}/user/[0-9]*/snap.@{SNAP_NAME}/ rw,

As a workaround for your snap, feel free to (do the equivalent of):

mkdir /run/user/`id -u`/snap."$SNAP_NAME" || true

affects: snapd → snappy
tags: added: snapd-interface
Changed in snappy:
status: Confirmed → Triaged
tags: added: eco-team
tags: removed: snapd-interface
Daniel Llewellyn (diddledan) wrote :

This functionality was added in https://github.com/snapcore/snapd/commit/1e3735f630f98df315e11b8d8d58d33b61476f59

and removed again in https://github.com/snapcore/snapd/commit/7ea43f1c74e1e056250359031cb715cb85adb349

I can't find any reference as to why it was removed. The commit message is decidedly absent any information which would help us understand the motivation.

Jamie Strandboge (jdstrand) wrote :

Daniel, there are two things here: XDG_RUNTIME_DIR in terms of the user's session and XDG_RUNTIME_DIR in terms of the snap. The one for the user is supposed to be created by the session manager, but it sometimes isn't. The one for the snap should be created by snappy.

Zygmunt could comment better, but iirc, the reason it was removed is because people didn't like that setup_user_xdg_runtime_dir() was special-casing /run/user/<uid> instead of using generic helpers. Using generic helpers was difficult because different directories are supposed to have different ownership and permissions (in this case, /run/user/uid should be uid:uid 700, but /run/user is 0:0 755, /run 0:0). Unless I'm forgetting some context, I'm still ok with special casing this directory.
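
The mkdir workaround and the ownership and permission requirements discussed in the comments above can be combined into a launcher-side check. This is an added example, not part of the bug thread and not snapd code: `ensure_runtime_dir` is a hypothetical helper name, GNU `stat` is assumed, and the 0700 check applies the XDG Base Directory rule for the runtime directory to the per-snap directory.

```shell
#!/bin/sh
# Added example, not snapd code. ensure_runtime_dir is a hypothetical helper.
# Assumes GNU coreutils stat, as shipped on Ubuntu.

ensure_runtime_dir() {
    dir=$1
    if [ -z "$dir" ]; then
        echo "runtime dir is not set" >&2
        return 1
    fi

    # Create only the final component, with mode 0700 from the start.
    # No -p: the parent (/run/user/<uid>) is the session manager's to
    # create, so a missing parent is reported as an error.
    if [ ! -e "$dir" ] && [ ! -L "$dir" ]; then
        mkdir -m 700 -- "$dir" || return 1
    fi

    # Reject symlinks and non-directories so runtime files cannot be
    # redirected to a location the caller did not choose.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "not a real directory: $dir" >&2
        return 1
    fi

    # XDG Base Directory rule: owned by the user, access mode exactly 0700.
    owner=$(stat -c '%u' -- "$dir") || return 1
    mode=$(stat -c '%a' -- "$dir") || return 1
    if [ "$owner" != "$(id -u)" ] || [ "$mode" != "700" ]; then
        echo "unsafe runtime dir $dir (owner=$owner mode=$mode)" >&2
        return 1
    fi
}

# In a snap launcher script, before starting the application:
#   ensure_runtime_dir "$XDG_RUNTIME_DIR" || exit 1
```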

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in snapd (Ubuntu):
status: New → Confirmed
Norbert (nrbrtx) on 2018-02-26
tags: added: artful bionic xenial
Norbert (nrbrtx) on 2018-07-23
description: updated
tags: added: cosmic
removed: artful