Usage of secure_getenv prevents build against musl libc
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
snap-confine |
Fix Released
|
Wishlist
|
Loïc Minier | ||
snap-confine (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Xenial |
In Progress
|
Undecided
|
Unassigned |
Bug Description
[Impact]
snap-confine relies on glibc function secure_getenv() to work. This function is not available on musl so the build cannot complete. With this bug fixed snap-confine now contains an implementation of secure_getenv() that is used when the standard library does not provide a copy of this function.
[Test Case]
snap-confine can be built with musl C library.
[Regression Potential]
This change does not affect the Ubuntu package.
[Other Info]
* This bug is a part of a major SRU that brings snap-confine in Ubuntu 16.04 in line with the current upstream release 1.0.41.
* snap-confine is technically an integral part of snapd which has an SRU exception and is allowed to introduce new features and take advantage of accelerated procedure. For more information see https:/
== # Pre-SRU bug description follows # ==
Hi,
Building snap-confine against the musl libc breaks due to the use of secure_getenv() which is a GNU extension.
It would be nice to allow building snap-confine against musl as it's the default libc for OpenWRT and derived trees. This could be achieved by providing a secure_getenv alternate implementation or just falling back to getenv().
See discussion at https:/
Cheers,
- Loïc Minier
Changed in snap-confine: | |
milestone: | none → 1.0.41 |
status: | New → Fix Committed |
assignee: | nobody → Loïc Minier (lool) |
summary: |
- Usage of secure_getenv prevents build against glibc + Usage of secure_getenv prevents build against musl libc |
Changed in snap-confine: | |
status: | Fix Committed → Fix Released |
importance: | Undecided → Wishlist |
description: | updated |
Changed in snap-confine (Ubuntu): | |
status: | New → Fix Released |
Changed in snap-confine (Ubuntu Xenial): | |
status: | New → In Progress |
I strongly recommend providing the secure_getenv() routine on platforms that lack it. It's an important part of keeping setuid executables safe.
Thanks