Ubuntu
snapd package

Snaps with classic confinement and /home on NFS

Bug #1713767 reported by Michael Iatrou
This bug report is a duplicate of:  Bug #1662552: snaps don't work with NFS home. Edit Remove
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
snapd (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Snaps with classic confinement, like conjure-up, cannot be installed when $HOME is on NFS.

On Ubuntu Xenial server, with snapd 2.25, running conjure-up 2.2.2 fails:
$ conjure-up
cannot create user data directory: /home/ubuntu/snap/conjure-up/549: Permission denied

$ mount | grep home
node09ob28.maas:/mnt/nfs/ubuntu on /home/ubuntu type nfs4 (rw,relatime,vers=4.0,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=172.27.28.117,local_lock=none,addr=172.27.28.116)

$ grep -i denied /var/log/syslog
Aug 15 23:35:11 node09ob28 kernel: [ 902.908181] audit: type=1400 audit(1502840111.290:34): apparmor=“DENIED” operation=“sendmsg” profile="/snap/core/2462/usr/lib/snapd/snap-confine" pid=17018 comm=“snap-confine” laddr=172.27.28.117 lport=823 faddr=172.27.28.116 fport=2049 family=“inet” sock_type=“stream” protocol=6 requested_mask=“send” denied_mask=“send"
Aug 15 23:35:11 node09ob28 kernel: [ 902.908200] audit: type=1400 audit(1502840111.290:35): apparmor=“DENIED” operation=“sendmsg” profile=”/snap/core/2462/usr/lib/snapd/snap-confine" pid=17018 comm=“snap-confine” laddr=172.27.28.117 lport=823 faddr=172.27.28.116 fport=2049 family=“inet” sock_type=“stream” protocol=6 requested_mask=“send” denied_mask=“send"
Aug 15 23:35:11 node09ob28 kernel: [ 902.908215] audit: type=1400 audit(1502840111.290:36): apparmor=“DENIED” operation=“sendmsg” profile=”/snap/core/2462/usr/lib/snapd/snap-confine" pid=17018 comm=“snap-confine” laddr=172.27.28.117 lport=823 faddr=172.27.28.116 fport=2049 family=“inet” sock_type=“stream” protocol=6 requested_mask=“send” denied_mask=“send”

NFS server configuration
$ cat /etc/exports
/mnt/nfs *(rw,sync,no_root_squash)

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

This is covered by https://forum.snapcraft.io/t/snaps-and-nfs-home/438 which references https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1662552.

This is a duplicate of bug #1662552

Changed in snapd (Ubuntu):
status: New → Confirmed
Revision history for this message
Michael Iatrou (michael.iatrou) wrote :

https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1662552 seems to refer to "Strictly confined snaps".

This bug specifically calls out snaps with classic confinement.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.