Thanks!
As a note for self, I diffed snapd 2.61.2 and 2.62 and found in cmd/snap-update-ns/user.go:
---> +func isPlausibleHome(path string) error { + if path == "" { + return fmt.Errorf("cannot allow empty path") + } + if path != filepath.Clean(path) { + return fmt.Errorf("cannot allow unclean path") + } + if !filepath.IsAbs(path) { + return fmt.Errorf("cannot allow relative path") + } + const openFlags = syscall.O_NOFOLLOW | syscall.O_CLOEXEC | syscall.O_DIRECTORY + fd, err := sysOpen(path, openFlags, 0) + if err != nil { + return err + } + sysClose(fd) + return nil +} <---
---> + if err := isPlausibleHome(realHome); err != nil { + realHomeError = fmt.Errorf("cannot use invalid home directory %q: %v", realHome, err) <---
It remains to be ascertained whether this lack of permission always existed but didn't cause the launch of the snap to fail.
Thanks!
As a note for self, I diffed snapd 2.61.2 and 2.62 and found in cmd/snap- update- ns/user. go:
---> (path string) error { Clean(path) { IsAbs(path) {
+func isPlausibleHome
+ if path == "" {
+ return fmt.Errorf("cannot allow empty path")
+ }
+ if path != filepath.
+ return fmt.Errorf("cannot allow unclean path")
+ }
+ if !filepath.
+ return fmt.Errorf("cannot allow relative path")
+ }
+ const openFlags = syscall.O_NOFOLLOW | syscall.O_CLOEXEC | syscall.O_DIRECTORY
+ fd, err := sysOpen(path, openFlags, 0)
+ if err != nil {
+ return err
+ }
+ sysClose(fd)
+ return nil
+}
<---
---> (realHome) ; err != nil {
+ if err := isPlausibleHome
+ realHomeError = fmt.Errorf("cannot use invalid home directory %q: %v", realHome, err)
<---
It remains to be ascertained whether this lack of permission always existed but didn't cause the launch of the snap to fail.