syscall error on i386 unless socketcall is allowed

Bug #1594675 reported by Sebastien Bacher on 2016-06-21
This bug affects 1 person
Affects Status Importance Assigned to Milestone
snapd (Ubuntu)
Jamie Strandboge
Jamie Strandboge

Bug Description

Using snapd 2.0.9 on xenial on i386, snap commands hit a syscall error on i386 unless "socketcall" is allowed in the profile, that should perhaps be allowed by default as a workaround until the libseccomp issue is resolved?

Changed in snapd (Ubuntu):
importance: Undecided → High
summary: - syscall error on i386
+ syscall error on i386 unless socketcall is allowed
Changed in snapd (Ubuntu):
status: New → In Progress
Jamie Strandboge (jdstrand) wrote :

This is merged and will be in 2.0.10.

Changed in snapd (Ubuntu):
status: In Progress → Fix Committed

Hello Sebastien, or anyone else affected,

Accepted snapd into xenial-proposed. The package will build now and be available at in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at . Thank you in advance!

tags: added: verification-needed
Federico Gimenez (fgimenez) wrote :

Is this still a problem? I'm not able to reproduce with 2.0.9 [1], also not seen with 2.0.10.



Jamie Strandboge (jdstrand) wrote :

Federico-- it is going to depend on the snap and what it does.

I can confirm that 2.0.10 is correctly adding socketcall to the default policy.

Changed in snapd (Ubuntu Xenial):
status: New → Fix Committed
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :
Download full text (4.9 KiB)

This bug was fixed in the package snapd - 2.0.10

snapd (2.0.10) xenial; urgency=medium

  * New upstream release: LP: #1597329
    - interfaces: also allow @{PROC}/@{pid}/mountinfo and
    - interfaces: allow read access to /etc/machine-id and
    - interfaces: miscelleneous policy updates for default, log-observe
      and system-observe
    - snapstate: add logging after a successful doLinkSnap
    - tests, integration-tests: port try tests to spread
    - store, cmd/snapd: send a basic user-agent to the store
    - store: add buy method
    - client: retry on failed GETs
    - tests: actual refresh test
    - docs: REST API update
    - interfaces: add mount support for hooks.
    - interfaces: add udev support for hooks.
    - interfaces: add dbus support for hooks.
    - tests, integration-tests: port refresh test to spread
    - tests, integration-tests: port change errors test to spread
    - overlord/ifacestate: don't retry snap security setup
    - integration-tests: remove unused file
    - tests: manage the socket unit when reseting state
    - overlord: improve organization of state patches
    - tests: wait for snapd listening after reset
    - interfaces/builtin: allow other sr*/scd* optical devices
    - systemd: add support for squashfuse
    - snap: make snaps vanishing less fatal for the system
    - snap-exec: os.Exec() needs argv0 in the args[] slice too
    - many: add new `create-user` command
    - interfaces: auto-connect content interfaces with the same content
      and developer
    - snapstate: add Current revision to SnapState
    - readme: tweak readme blurb
    - integration-tests: wait for listening port instead of active
      service reported by systemd
    - many: rename Current -> {CurrentSideInfo,CurrentInfo}
    - spread: fix home interface test after suite move
    - many: name unversioned data.
    - interfaces: add "content" interface
    - overlord/snapstate: defaultBackend can go away now
    - debian: comment to remember why the timer is setup like it is
    - tests,spread.yaml: introduce an upgrade test, support/split into
      two suites for this
    - overlord,overlord/snapstate: ensure we keep snap type in snapstate
      of each snap
    - many: rework the firstboot support
    - integration-tests: fix test failure
    - spread: keep core on suite restore
    - tests: temporary fix for state reset
    - overlord: add infrastructure for simple state format/content
    - interfaces: add seccomp support for hooks.
    - interfaces: allow gvfs shares in home and temporarily allow
      socketcall by default (LP: #1592901, LP: #1594675)
    - tests, integration-tests: port network-bind interface tests to
    - snap,snap/snaptest: use PopulateDir/MakeTestSnapWithFiles directly
      and remove MockSnapWithHooks
    - interfaces: add mpris interface
    - tests: enable `snap run` on i386
    - tests, integration-tests: port network interface test to spread
    - tests, integration-tests: port interfaces cli to spread
    - tests, integration-tests: port leftover install tests to spread
    - int...


Changed in snapd (Ubuntu Xenial):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for snapd has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :
Download full text (6.5 KiB)

This bug was fixed in the package snapd - 2.11+16.10

snapd (2.11+16.10) yakkety; urgency=medium

  * New upstream release: LP: #1605303
    - increase version number to reflect the nature of the update
    - store, daemon, client, cmd/snap, docs/ adieu search
    - debian: move snapd.refresh.timer into
    - snapstate: add daemon-reload to fix autopkgtest on yakkety
    - Interfaces: hardware-observe
    - snap: rework the output after a snap operation
    - daemon, cmd/snap: refresh --devmode
    - store, daemon, client, cmd/snap: implement `snap find --private`
    - tests: add network-observe interface spread test
    - interfaces/builtin: allow getsockopt for connected x11 plugs
    - osutil: check for nogrup instead of adm
    - store: small cleanups (more needed)
    - snap/squashfs: fix test not to hardcode snap size
    - client,cmd/snap: cleanup cmd/snap test suite, add extra args
      testThis cleans up the cmd/snap test suite:
    - wrappers: map "never" restart condition to "no."
    - wrappers: run update-desktop-database after add/remove of desktop
    - release: work around elementary mistake
    - many: remove all traces of channel from the buying codepath
    - store: kill setUbuntuStoreHeaders
    - docs: add payment methods documentation
    - many: present user with a choice of payment backends
    - asserts: add cross checks for snap asserts
    - cmd/snap,cmd/snap-exec: support running hooks via snap-exec.
    - tests: improve snap run symlink tests
    - tests: add content sharing interface spread test
    - store & many: a mechanical branch shortening store names
    - snappy: remove old snappy pkg
    - overlord/snapstate: kill flagscompat
    - overlord/snapstate, daemon, client, cmd/snap: devmode override
      (aka confined)
    - tests: extend refresh test to talk to the staging and production
    - asserts,daemon: cross checks for account and account-key
    - client: existing JSON fixtures uses tabs for indentation
    - snap-exec: add proper integration test for snap-exec
    - spread.yaml, tests: replace hello-world with test-snapd-tools
    - tests: add locale-control interface spread test
    - tests: add mount-observe interface spread test
    - tests: add system-observe interface spread test
    - many: add AuthContext to mediate user updates to the state
    - store/auth: add helper for the macaroon refresh endpoint
    - cmd: add buy command
    - overlord: switch snapstate.Update to use ListRefresh (aka
    - snap-exec: fix silly off-by-one error
    - tests: stop using hello-world.echo in the tests
    - tests: add env command to test-snapd-tools
    - classic: remove (most of) "classic" mode, this is implemented as a
      snap now
    - many: remove snapstate.Candidate and other cleanups
    - many: removed authenticator, store gets a user instead
    - asserts: fix minor doc comment typo
    - snap: ensure unknown arguments to `snap run` are ignored
    - overlord/auth: add Device/SetDevice to persist device identity in
    - overlord: make SyncBoot work aga...


Changed in snapd (Ubuntu Yakkety):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers