strict mode snaps crash with Segmentation fault on 16.10

Bug #1626121 reported by Sergio Schvezov
This bug affects 5 people
Affects                Status        Importance  Assigned to
Snapcraft              Invalid       Undecided   Unassigned
Snappy                 Fix Released  Critical    Jamie Strandboge
snap-confine           Invalid       Critical    Unassigned
snap-confine (Ubuntu)  Invalid       Critical    Unassigned
snapd (Ubuntu)         Fix Released  Critical    Jamie Strandboge

Bug Description

Ever since snap-confine 1.0.41-0ubuntu2 got to the yakkety archives, running snaps causes a Segmentation fault.

http://paste.ubuntu.com/23211497/

Changed in snap-confine:
importance: Undecided → Critical
Zygmunt Krynicki (zyga) wrote :

I tried to reproduce this on a 16.04 machine updated to 16.10 (with a reboot to change the kernel). I cannot reproduce it.

Leo Arias (elopio) wrote :

I can reproduce this in a yakkety machine started by adt-run in scalingstack.

This is the entry from syslog:
Sep 21 16:16:24 adt kernel: [ 997.682383] audit: type=1400 audit(1474474584.561:68): apparmor="DENIED" operation="file_mmap" profile="snap.mosquitto.subscribe" name="/usr/lib/snapd/snap-exec" pid=4525 comm="snap-exec" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0

When running with sudo gdb, it prints:
Cannot find user-level thread for LWP 4622: generic error

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in snap-confine (Ubuntu):
status: New → Confirmed
Leo Arias (elopio) wrote :

strace: http://paste.ubuntu.com/23212239/
/etc/apparmor.d/usr.lib.snapd.snap-confine: http://paste.ubuntu.com/23212242/

Jamie Strandboge (jdstrand) wrote :

The denial is in the default template, not snap-confine (profile="snap.mosquitto.subscribe"). I talked to the apparmor kernel devs and this has to do with the new linux 4.8 kernel and not snap-confine per se. This is a semantic change in the upstream kernel. Per jjohansen, "the location of the mmap check in the binfmt_elf loader changed, and along with it the cred that is used for the check".

The fix will need to be to default policy in snapd, not snap-confine.
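A triage helper, added here and not part of the bug report or of snapd: it parses kernel audit lines in the form quoted above and flags exactly the signature described in this comment, a snap.* profile denying an mmap of /usr/lib/snapd/snap-exec. The first two sample lines are the ones quoted in this bug; the third and fourth are constructed non-matching lines.

```python
import re

# Sample syslog text. Lines 1-2 are the audit entries quoted in this bug;
# lines 3-4 are constructed to exercise the non-matching paths
# (a different operation, and an ALLOWED event from complain mode).
SAMPLE_SYSLOG = """\
Sep 21 16:16:24 adt kernel: [  997.682383] audit: type=1400 audit(1474474584.561:68): apparmor="DENIED" operation="file_mmap" profile="snap.mosquitto.subscribe" name="/usr/lib/snapd/snap-exec" pid=4525 comm="snap-exec" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0
Sep 21 15:16:15 sec-yakkety-amd64 kernel: [   72.061888] audit: type=1400 audit(1474488975.354:29): apparmor="DENIED" operation="file_mmap" profile="snap.hello-world.hello-world" name="/usr/lib/snapd/snap-exec" pid=1328 comm="snap-exec" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0
Sep 21 15:16:20 sec-yakkety-amd64 kernel: [   77.000000] audit: type=1400 audit(1474488980.000:30): apparmor="DENIED" operation="open" profile="snap.hello-world.hello-world" name="/etc/hostname" pid=1330 comm="hello" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Sep 21 15:16:21 sec-yakkety-amd64 kernel: [   78.000000] audit: type=1400 audit(1474488981.000:31): apparmor="ALLOWED" operation="file_mmap" profile="snap.hello-world.hello-world" name="/usr/lib/snapd/snap-exec" pid=1331 comm="snap-exec" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0
"""

# key=value pairs; values are either double-quoted or a bare token.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_apparmor_line(line):
    """Return the key=value fields of an AppArmor audit line as a dict,
    or None if the line is not an AppArmor audit message."""
    if 'apparmor="' not in line:
        return None
    return {key: raw.strip('"') for key, raw in KV_RE.findall(line)}


def is_snap_exec_mmap_denial(fields):
    """True when a snap.* profile denied mapping snap-exec: the exact
    signature of this bug on the 4.8 kernel (mmap of the re-exec'd
    snap-exec is now checked under the snap's own profile)."""
    return (fields.get("apparmor") == "DENIED"
            and fields.get("operation") == "file_mmap"
            and fields.get("name") == "/usr/lib/snapd/snap-exec"
            and "m" in fields.get("denied_mask", "")
            and fields.get("profile", "").startswith("snap."))


def affected_profiles(syslog_text):
    """Snap profiles that hit the snap-exec mmap denial, in first-seen order."""
    seen = []
    for line in syslog_text.splitlines():
        fields = parse_apparmor_line(line)
        if fields and is_snap_exec_mmap_denial(fields) and fields["profile"] not in seen:
            seen.append(fields["profile"])
    return seen


if __name__ == "__main__":
    for profile in affected_profiles(SAMPLE_SYSLOG):
        print("snap-exec mmap denied under profile", profile)
```

Feeding it `grep audit /var/log/syslog` output tells you which installed snaps are affected by this policy gap rather than by some unrelated denial.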

Changed in snap-confine:
status: New → Invalid
Changed in snap-confine (Ubuntu):
status: Confirmed → Invalid
Changed in snappy:
status: New → In Progress
importance: Undecided → Critical
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in snapd (Ubuntu):
status: New → Triaged
importance: Undecided → Critical
assignee: nobody → Jamie Strandboge (jdstrand)
Leo Arias (elopio) wrote :

Added snapcraft as affected because this makes the autopkgtests fail, so it blocks the release to yakkety.

summary: - snap-confine causes Segmentation fault
+ snaps crash with Segmentation fault on 16.10
summary: - snaps crash with Segmentation fault on 16.10
+ strict mode snaps crash with Segmentation fault on 16.10
Jamie Strandboge (jdstrand) wrote :

I was able to reproduce this on a classic 16.10 system only after upgrading the ubuntu-core snap and policy, since that is where snap reexec is used. I.e., with:

snap-confine 1.0.41-0ubuntu2
snapd 2.13+16.10
$ cat /proc/version_signature
Ubuntu 4.8.0-11.12-generic 4.8.0-rc6

$ sudo snap install ubuntu-core --channel=edge

$ sudo snap install hello-world

$ snap list
Name Version Rev Developer Notes
hello-world 6.3 27 canonical -
ubuntu-core 16.04.1 687 canonical -

$ hello-world
Segmentation fault

$ grep audit /var/log/syslog
...
Sep 21 15:16:15 sec-yakkety-amd64 kernel: [ 72.061888] audit: type=1400 audit(1474488975.354:29): apparmor="DENIED" operation="file_mmap" profile="snap.hello-world.hello-world" name="/usr/lib/snapd/snap-exec" pid=1328 comm="snap-exec" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0

If you don't have ubuntu-core from edge, I found that I needed to reload the security policy. One way to do this is:

$ sudo snap refresh ubuntu-core --channel=edge
$ sudo snap remove hello-world
$ sudo snap install hello-world
$ hello-world
Segmentation fault

Jamie Strandboge (jdstrand) wrote :

https://github.com/snapcore/snapd/pull/1967

Uploaded 2.15.2+16.10.3 to yakkety.

Changed in snapd (Ubuntu):
status: Triaged → Fix Committed
Zygmunt Krynicki (zyga)
Changed in snapd (Ubuntu):
status: Fix Committed → In Progress
Zygmunt Krynicki (zyga)
Changed in snapd (Ubuntu):
status: In Progress → Fix Committed
Changed in snappy:
status: In Progress → Fix Committed
Michael Vogt (mvo)
Changed in snappy:
status: Fix Committed → Fix Released
Changed in snapd (Ubuntu):
status: Fix Committed → Fix Released
Kyle Fazzari (kyrofa) wrote :

Invalidating the Snapcraft task since it's fixed everywhere else.

Changed in snapcraft:
status: New → Invalid