Snap installed as devmode can end up running confined
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| snapd | New | Undecided | Unassigned | |
Bug Description
Splitting this off from lp:1667385
I installed a snap in devmode (webdemo) on arm64 to work around lp:1667480. Also note that the snap is published by me and the content interface it plugs is canonical, which seems like it's fine.
I noticed after certain sequence of connect/
snap disable webdemo
snap enable webdemo (app is running)
snap disconnect webdemo:platform
snap connect webdemo:platform ubuntu-
snap disable webdemo
snap enable webdemo (app fails with DENIALs)
The app installs a daemon that opens a browser view on localhost, where another control daemon provides content.
no longer affects: snappy
From the duplicate
To reproduce this issue.
1. Fetch the source code from here
http://bazaar.launchpad.net/~gary-wzl77/+junk/test-hooks/files
2. snap the project
snapcraft && sudo snap install --devmode hooks_0.1_amd64.snap
3. run the following command
sudo hooks.test
5. go to ${SNAP_DATA}/hooks/current to check new folder's owner (It's an expected result)
drwxr-xr-x 2 daemon daemon 4096 3月 9 15:39 new_folder
6. disable and enable the snap
sudo snap disable hooks && sudo snap enable hooks
7. run the test command again
/snap/hooks/x1/bin/test: 11: /snap/hooks/x1/bin/test: chown: Permission denied
chown syscall is allowed in devmode but forbidden in strict confinement mode at this moment due to the bug.
https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1581310
So from the above step, devmode capability is dropped after running snap enable/disable and the snap has become a strict confinement snap.
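A check for the symptom reported above, as an added example that is not part of the bug report or of snapd: it compares a snap's AppArmor profile headers captured before and after `snap disable` / `snap enable` and lists the profiles that lost the `complain` flag. It assumes devmode profiles carry `complain` in the header flag list and live under `/var/lib/snapd/apparmor/profiles`; the sample headers and the `snap.hooks.helper` name are constructed.

```shell
#!/bin/sh
# Assumption: snapd writes a snap's AppArmor profiles under
# /var/lib/snapd/apparmor/profiles and marks devmode ones with "complain".

# profile_mode: read profile text on stdin, print "<profile> <mode>" for each
# profile header; mode is "complain" (devmode) or "enforce" (strict).
profile_mode() {
    awk '$1 == "profile" && index($0, "{") {
        name = $2; gsub(/"/, "", name)
        mode = "enforce"
        if (match($0, /\([^)]*\)/)) {
            flags = "," substr($0, RSTART + 1, RLENGTH - 2) ","
            gsub(/[ \t]/, "", flags)
            if (index(flags, ",complain,")) mode = "complain"
        }
        print name, mode
    }'
}

# confinement_drift BEFORE_TEXT AFTER_TEXT
# Prints every profile that was complain before and is enforce after.
# Returns 1 when at least one profile flipped, 0 otherwise.
confinement_drift() {
    after=$(printf '%s\n' "$2" | profile_mode)
    drift=$(printf '%s\n' "$1" | profile_mode | while read -r name mode; do
        if [ "$mode" = complain ] &&
           printf '%s\n' "$after" | grep -qxF "$name enforce"; then
            echo "$name"
        fi
    done)
    if [ -n "$drift" ]; then
        printf '%s\n' "$drift"
        return 1
    fi
}

# Constructed sample headers (not taken from the bug report).
SAMPLE_BEFORE='profile "snap.hooks.test" (attach_disconnected,complain) {
profile "snap.hooks.helper" (attach_disconnected,complain) {'
SAMPLE_AFTER='profile "snap.hooks.test" (attach_disconnected) {
profile "snap.hooks.helper" (attach_disconnected,complain) {'

confinement_drift "$SAMPLE_BEFORE" "$SAMPLE_AFTER" ||
    echo "devmode dropped for the profiles listed above"
```

On a real system, capture `cat /var/lib/snapd/apparmor/profiles/snap.hooks.*` before and after the disable/enable cycle and pass both captures to `confinement_drift`.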