syscall error on i386 unless socketcall is allowed

Bug #1594675 reported by Sebastien Bacher on 2016-06-21
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
snapd (Ubuntu)
High
Jamie Strandboge
Xenial
Undecided
Unassigned
Yakkety
High
Jamie Strandboge

Bug Description

Using snapd 2.0.9 on xenial on i386, snap commands hit a syscall error on i386 unless "socketcall" is allowed in the profile, that should perhaps be allowed by default as a workaround until the libseccomp issue is resolved?

Changed in snapd (Ubuntu):
importance: Undecided → High
summary: - syscall error on i386
+ syscall error on i386 unless socketcall is allowed
Changed in snapd (Ubuntu):
status: New → In Progress
Jamie Strandboge (jdstrand) wrote :

This is merged and will be in 2.0.10.

Changed in snapd (Ubuntu):
status: In Progress → Fix Committed

Hello Sebastien, or anyone else affected,

Accepted snapd into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/snapd/2.0.10 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-needed
Federico Gimenez (fgimenez) wrote :

Is this still a problem? I'm not able to reproduce with 2.0.9 [1], also not seen with 2.0.10.

Thanks!

[1] http://paste.ubuntu.com/18518840/

Jamie Strandboge (jdstrand) wrote :

Federico-- it is going to depend on the snap and what it does.

I can confirm that 2.0.10 is correctly adding socketcall to the default policy.

Changed in snapd (Ubuntu Xenial):
status: New → Fix Committed
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :
Download full text (4.9 KiB)

This bug was fixed in the package snapd - 2.0.10

---------------
snapd (2.0.10) xenial; urgency=medium

  * New upstream release: LP: #1597329
    - interfaces: also allow @{PROC}/@{pid}/mountinfo and
      @{PROC}/@{pid}/mountstats
    - interfaces: allow read access to /etc/machine-id and
      @{PROC}/@{pid}/smaps
    - interfaces: miscelleneous policy updates for default, log-observe
      and system-observe
    - snapstate: add logging after a successful doLinkSnap
    - tests, integration-tests: port try tests to spread
    - store, cmd/snapd: send a basic user-agent to the store
    - store: add buy method
    - client: retry on failed GETs
    - tests: actual refresh test
    - docs: REST API update
    - interfaces: add mount support for hooks.
    - interfaces: add udev support for hooks.
    - interfaces: add dbus support for hooks.
    - tests, integration-tests: port refresh test to spread
    - tests, integration-tests: port change errors test to spread
    - overlord/ifacestate: don't retry snap security setup
    - integration-tests: remove unused file
    - tests: manage the socket unit when reseting state
    - overlord: improve organization of state patches
    - tests: wait for snapd listening after reset
    - interfaces/builtin: allow other sr*/scd* optical devices
    - systemd: add support for squashfuse
    - snap: make snaps vanishing less fatal for the system
    - snap-exec: os.Exec() needs argv0 in the args[] slice too
    - many: add new `create-user` command
    - interfaces: auto-connect content interfaces with the same content
      and developer
    - snapstate: add Current revision to SnapState
    - readme: tweak readme blurb
    - integration-tests: wait for listening port instead of active
      service reported by systemd
    - many: rename Current -> {CurrentSideInfo,CurrentInfo}
    - spread: fix home interface test after suite move
    - many: name unversioned data.
    - interfaces: add "content" interface
    - overlord/snapstate: defaultBackend can go away now
    - debian: comment to remember why the timer is setup like it is
    - tests,spread.yaml: introduce an upgrade test, support/split into
      two suites for this
    - overlord,overlord/snapstate: ensure we keep snap type in snapstate
      of each snap
    - many: rework the firstboot support
    - integration-tests: fix test failure
    - spread: keep core on suite restore
    - tests: temporary fix for state reset
    - overlord: add infrastructure for simple state format/content
      migrations
    - interfaces: add seccomp support for hooks.
    - interfaces: allow gvfs shares in home and temporarily allow
      socketcall by default (LP: #1592901, LP: #1594675)
    - tests, integration-tests: port network-bind interface tests to
      spread
    - snap,snap/snaptest: use PopulateDir/MakeTestSnapWithFiles directly
      and remove MockSnapWithHooks
    - interfaces: add mpris interface
    - tests: enable `snap run` on i386
    - tests, integration-tests: port network interface test to spread
    - tests, integration-tests: port interfaces cli to spread
    - tests, integration-tests: port leftover install tests to spread
    - int...

Read more...

Changed in snapd (Ubuntu Xenial):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for snapd has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :
Download full text (6.5 KiB)

This bug was fixed in the package snapd - 2.11+16.10

---------------
snapd (2.11+16.10) yakkety; urgency=medium

  * New upstream release: LP: #1605303
    - increase version number to reflect the nature of the update
      better
    - store, daemon, client, cmd/snap, docs/rest.md: adieu search
      grammar
    - debian: move snapd.refresh.timer into timers.target
    - snapstate: add daemon-reload to fix autopkgtest on yakkety
    - Interfaces: hardware-observe
    - snap: rework the output after a snap operation
    - daemon, cmd/snap: refresh --devmode
    - store, daemon, client, cmd/snap: implement `snap find --private`
    - tests: add network-observe interface spread test
    - interfaces/builtin: allow getsockopt for connected x11 plugs
    - osutil: check for nogrup instead of adm
    - store: small cleanups (more needed)
    - snap/squashfs: fix test not to hardcode snap size
    - client,cmd/snap: cleanup cmd/snap test suite, add extra args
      testThis cleans up the cmd/snap test suite:
    - wrappers: map "never" restart condition to "no."
    - wrappers: run update-desktop-database after add/remove of desktop
      files
    - release: work around elementary mistake
    - many: remove all traces of channel from the buying codepath
    - store: kill setUbuntuStoreHeaders
    - docs: add payment methods documentation
    - many: present user with a choice of payment backends
    - asserts: add cross checks for snap asserts
    - cmd/snap,cmd/snap-exec: support running hooks via snap-exec.
    - tests: improve snap run symlink tests
    - tests: add content sharing interface spread test
    - store & many: a mechanical branch shortening store names
    - snappy: remove old snappy pkg
    - overlord/snapstate: kill flagscompat
    - overlord/snapstate, daemon, client, cmd/snap: devmode override
      (aka confined)
    - tests: extend refresh test to talk to the staging and production
      stores
    - asserts,daemon: cross checks for account and account-key
      assertions
    - client: existing JSON fixtures uses tabs for indentation
    - snap-exec: add proper integration test for snap-exec
    - spread.yaml, tests: replace hello-world with test-snapd-tools
    - tests: add locale-control interface spread test
    - tests: add mount-observe interface spread test
    - tests: add system-observe interface spread test
    - many: add AuthContext to mediate user updates to the state
    - store/auth: add helper for the macaroon refresh endpoint
    - cmd: add buy command
    - overlord: switch snapstate.Update to use ListRefresh (aka
      /snaps/metadata)
    - snap-exec: fix silly off-by-one error
    - tests: stop using hello-world.echo in the tests
    - tests: add env command to test-snapd-tools
    - classic: remove (most of) "classic" mode, this is implemented as a
      snap now
    - many: remove snapstate.Candidate and other cleanups
    - many: removed authenticator, store gets a user instead
    - asserts: fix minor doc comment typo
    - snap: ensure unknown arguments to `snap run` are ignored
    - overlord/auth: add Device/SetDevice to persist device identity in
      state
    - overlord: make SyncBoot work aga...

Read more...

Changed in snapd (Ubuntu Yakkety):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers