Restrictive umask creates unusable snaps

Bug #1890466 reported by Mike Salvatore
This bug affects 1 person
Affects: snapcraft (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone: (none listed)

Bug Description

OS
Ubuntu Focal Fossa 20.04

Snapcraft Version
snapcraft, version 4.1.3

Contrary to the status of https://bugs.launchpad.net/ubuntu/+source/snapcraft/+bug/1724788, not all umask issues are fixed.

In general, I set my umask to 027 on my systems. When `snapcraft init` is run, it creates ./snap/ and ./snap/snapcraft.yaml with 750 and 640 permissions, respectively; this is consistent with my umask. These permissions are carried into the snap, however, and the result is the following error message:

cannot snap-exec: cannot exec "/snap/testme/x1/snap/command-chain/snapcraft-runner": permission denied

The current workaround is to fix the permissions of ./snap and ./snap/snapcraft.yaml so that they are accessible by other and run `snapcraft clean` followed by `snapcraft`.

Below is a terminal session that demonstrates the issue:

[testuser@test ~/test1]$ umask
0027
[testuser@test ~/test1]$ snapcraft init
Created snap/snapcraft.yaml.
Go to https://docs.snapcraft.io/the-snapcraft-format/8337 for more information about the snapcraft.yaml format.
[testuser@test ~/test1]$ cp $HOME/test/snap/snapcraft.yaml snap/
[testuser@test ~/test1]$ cp $HOME/test/testme.sh .
[testuser@test ~/test1]$ ls -la .
total 16
drwxr-x--- 3 testuser testuser 4096 Aug 5 11:44 ./
drwxrwx--- 12 testuser testuser 4096 Aug 5 11:42 ../
drwxr-x--- 2 testuser testuser 4096 Aug 5 11:44 snap/
-rwxr-x--- 1 testuser testuser 26 Aug 5 11:44 testme.sh*
[testuser@test ~/test1]$ ls -la snap/
total 12
drwxr-x--- 2 testuser testuser 4096 Aug 5 11:44 ./
drwxr-x--- 3 testuser testuser 4096 Aug 5 11:44 ../
-rw-r----- 1 testuser testuser 803 Aug 5 11:44 snapcraft.yaml
[testuser@test ~/test1]$ chmod 755 testme.sh
[testuser@test ~/test1]$ snapcraft
...
Snapped testme_0.1_amd64.snap
[testuser@test ~/test1]$ sudo snap install --dangerous testme_0.1_amd64.snap
testme 0.1 installed
[testuser@test ~/test1]$ testme
cannot snap-exec: cannot exec "/snap/testme/x1/snap/command-chain/snapcraft-runner": permission denied
[testuser@test ~/test1]$ ls -la /snap/testme/x1/
total 5
drwxr-xr-x 4 root root 56 Aug 5 11:53 ./
drwxr-xr-x 4 root root 4096 Aug 5 11:54 ../
drwxr-xr-x 2 root root 32 Aug 5 11:53 meta/
drwxr-x--- 3 root root 36 Aug 5 11:53 snap/
-rwxr-xr-x 1 root root 26 Aug 5 11:44 testme.sh*
[testuser@test ~/test1]$ unsquashfs testme_0.1_amd64.snap
Parallel unsquashfs: Using 12 processors
3 inodes (3 blocks) to write

[==================================================================================================================================================|] 3/3 100%

created 3 files
created 4 directories
created 0 symlinks
created 0 devices
created 0 fifos
[testuser@test ~/test1]$ ls -la squashfs-root/
total 20
drwxr-xr-x 4 testuser testuser 4096 Aug 5 11:53 ./
drwxr-x--- 4 testuser testuser 4096 Aug 5 11:54 ../
drwxr-xr-x 2 testuser testuser 4096 Aug 5 11:53 meta/
drwxr-x--- 3 testuser testuser 4096 Aug 5 11:53 snap/
-rwxr-x--- 1 testuser testuser 26 Aug 5 11:44 testme.sh*
[testuser@test ~/test1]$
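
Added example, not part of the original report and not snapcraft code: a shell check that walks an unpacked snap tree (such as the squashfs-root/ directory produced by unsquashfs above) and lists every entry the "other" permission class cannot use. The function names scan and audit_snap_tree are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not snapcraft code): flag entries in an unpacked snap tree
# that the "other" permission class cannot use, as happens when the tree was
# populated under a restrictive umask such as 027.
# scan and audit_snap_tree are hypothetical helper names.

# scan LABEL FIND-PREDICATES...
# Lists matching entries below the current directory, one `ls -ld` line each,
# prefixed with LABEL.
scan() {
    local label
    label=$1; shift
    find . "$@" -exec ls -ld {} + | sed "s/^/$label: /"
}

# audit_snap_tree DIR
# Prints findings on stdout. Returns 0 if the tree is clean, 1 if anything
# was flagged, 2 if DIR cannot be entered.
audit_snap_tree() {
    local root report
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    report=$(
        cd "$root" || exit 2
        # Directories need o+r and o+x to be listed and traversed.
        scan "dir lacks o+rx" -type d ! -perm -005
        # Regular files need o+r to be read by an unprivileged user.
        scan "file lacks o+r" -type f ! -perm -004
        # A file the owner may execute must be executable by other as well,
        # or exec fails with "permission denied" as in the session above.
        scan "exec lacks o+x" -type f -perm -100 ! -perm -001
    ) || return 2
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Stand-alone use: pass the unpacked tree as the first argument.
if [ "$#" -gt 0 ]; then
    audit_snap_tree "$1"
fi
```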
