Snap installed as devmode can end up running confined
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| snapd |
New
|
Undecided
|
Unassigned | ||
Bug Description
Splitting this off from lp:1667385
I installed in snap in devmode (webdemo) on arm64 to work around lp:1667480. Also note that the snap is published by me and the content interface it plugs is canonical, which seems like its fine.
I noticed after certain sequence of connect/
snap disable webdemo
snap enable webdemo (app is running)
snap disconnect webdemo:platform
snap connect webdemo:platform ubuntu-
snap disable webdemo
snap enable webdemo (app fails with DENIALs)
The app installs a daemon that opens a browser view on localhost, where another control daemon provides content.
| description: | updated |
| description: | updated |
| Pat McGowan (pat-mcgowan) wrote | #1 |
| no longer affects: | snappy |
From the duplicate
To reproduce this issue.
1. Fetch the source code from here
http://
2. snap the project
snapcraft && sudo snap install --devmode hooks_0.
3. run the following command
sudo hooks.test
5. goto ${SNAP_
drwxr-xr-x 2 daemon daemon 4096 3月 9 15:39 new_folder
6. disalbe and enable the snap
sudo snap disable hooks && sudo snap enable hooks
7. run the test command again
/snap/
chown syscall is allowed in devmode but forbidden in strict confinement mode at this moment due to the bug.
https:/
So from the above step, devmode capability is dropped after running snap enable/disable and the snap has become a strict confinement snap.