check-diskfree script should ignore loop mounts created by canonical-livepatch (/snap/)

Bug #1635711 reported by Markus Ueberall on 2016-10-21
This bug affects 1 person
Affects Status Importance Assigned to Milestone
checksecurity (Ubuntu)
snapd (Ubuntu)

Bug Description

There should be a rule which takes into account that, e.g., loop mounts created by canonical-livepatch are always "full". Not sure whether it's sufficient to exclude /snap/ the same way as /media/ here...

>Usage warning on 75
>100% ALERT - /snap/ubuntu-core/423
>Usage warning on 75
>100% ALERT - /snap/canonical-livepatch/15

# lsb_release -rd
Description: Ubuntu 16.04.1 LTS
Release: 16.04
# apt-cache policy checksecurity
  Installed: (none)
  Candidate: 2.0.16+nmu1ubuntu1
  Version table:
     2.0.16+nmu1ubuntu1 500
        500 xenial/main amd64 Packages
        500 xenial/main i386 Packages

Joshua Powers (powersj) on 2016-10-24
Changed in checksecurity (Ubuntu):
status: New → Triaged
importance: Undecided → High
Robie Basak (racb) wrote :

Adding snapd, as: 1) the real bug is that snapd packaging breaks the FHS; and 2) to find out whether checksecurity should be ignoring /snap entirely, or if some other behaviour would be appropriate.

Robie Basak (racb) wrote :

> the real bug is that snapd packaging breaks the FHS

That's perhaps a bit harsh, sorry. It may be more a consequence of snapd's concept of mounting squashfs, wherever it chooses to put it. But we do need a bigger picture look at this I think.

Robie Basak (racb) wrote :

Or perhaps the real bug is "checksecurity fails to ignore squashfs mounts", given that they're all read-only?

tags: added: bot-stop-nagging
Michael Vogt (mvo) wrote :

I'm not entirely sure what snapd should do about this. If we can write any meta data for check-diskfree we will happily do so.

Changed in snapd (Ubuntu):
status: New → Incomplete
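
The idea raised in the thread (skip squashfs mounts, which are read-only and therefore always report 100%, in addition to the existing /media/ exclusion), as an added example that is not part of the bug report and is not the checksecurity check-diskfree script. The function names, the SKIP_* variables, the `df -PT` input format and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the checksecurity check-diskfree script.
# Reads `df -PT` style lines on stdin and prints "<pct>% ALERT - <mount>"
# for each filesystem at or above the threshold, skipping filesystem
# types and path prefixes that should never raise an alert.
SKIP_FSTYPES="squashfs"     # assumption: space-separated types to ignore
SKIP_PREFIXES="/media/"     # the report says /media/ is already excluded

diskfree_alerts() {
    awk -v limit="$1" -v types="$SKIP_FSTYPES" -v prefixes="$SKIP_PREFIXES" '
    BEGIN {
        nt = split(types, t, " ")
        np = split(prefixes, p, " ")
    }
    NR == 1 && $1 == "Filesystem" { next }   # header line
    NF < 7 { next }                          # malformed or wrapped line
    {
        fstype = $2
        pct = $6
        sub(/%$/, "", pct)
        if (pct !~ /^[0-9]+$/) next          # capacity shown as "-"
        # The mount point is field 7 onwards and may contain spaces.
        mnt = $7
        for (i = 8; i <= NF; i++) mnt = mnt " " $i
        for (i = 1; i <= nt; i++) if (fstype == t[i]) next
        for (i = 1; i <= np; i++) if (index(mnt, p[i]) == 1) next
        if (pct + 0 >= limit + 0) printf "%s%% ALERT - %s\n", pct, mnt
    }'
}

# Constructed sample input; only the two /snap mount points come from the report.
sample_df() {
cat <<'EOF'
Filesystem     Type     1024-blocks     Used Available Capacity Mounted on
/dev/sda1      ext4        41152736 33745244   5294064      87% /
/dev/loop0     squashfs       77312    77312         0     100% /snap/ubuntu-core/423
/dev/loop1     squashfs        4480     4480         0     100% /snap/canonical-livepatch/15
/dev/sdb1      vfat         7810048  7810048         0     100% /media/usb stick
tmpfs          tmpfs        1635520     9024   1626496       1% /run
EOF
}

# Stand-alone run against the sample; on a live system: df -PT | diskfree_alerts 75
sample_df | diskfree_alerts 75
```

Filtering on filesystem type rather than on the /snap/ path keeps a genuinely full writable filesystem mounted under that prefix visible to the check.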