Ubuntu
snapd package

  1. Bug #2061981
  2. Comment #16

Comment 16 for bug 2061981

Revision history for this message
Nathan Teodosio (nteodosio) wrote :

Thanks!

As a note for self, I diffed snapd 2.61.2 and 2.62 and found in cmd/snap-update-ns/user.go:

--->
+func isPlausibleHome(path string) error {
+ if path == "" {
+ return fmt.Errorf("cannot allow empty path")
+ }
+ if path != filepath.Clean(path) {
+ return fmt.Errorf("cannot allow unclean path")
+ }
+ if !filepath.IsAbs(path) {
+ return fmt.Errorf("cannot allow relative path")
+ }
+ const openFlags = syscall.O_NOFOLLOW | syscall.O_CLOEXEC | syscall.O_DIRECTORY
+ fd, err := sysOpen(path, openFlags, 0)
+ if err != nil {
+ return err
+ }
+ sysClose(fd)
+ return nil
+}
<---

--->
+ if err := isPlausibleHome(realHome); err != nil {
+ realHomeError = fmt.Errorf("cannot use invalid home directory %q: %v", realHome, err)
<---

It remains to be ascertained whether this lack of permission always existed but didn't cause the launch of the snap to fail.