So re: issue/132 that code path has always been enabled. How we have worked around it is by implicitly adding the GETATTR perm to the mapping.
Their were significant changes around permission lookup and mapping but not around how/where the check is done, so I assume it is in the mapping code though at first glance it appears to be right. I am still digging. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1991691 Title: cannot change mount namespace Status in Linux: New Status in linux package in Ubuntu: Confirmed Status in snapd package in Ubuntu: Incomplete Bug description: Multiple snaps are either broken or "only" display permission denied messages. slack snap is not starting at all with: > update.go:85: cannot change mount namespace according to change mount (/run/user/1000/doc/by-app/snap.slack /run/user/1000/doc none bind,rw,x-snapd.ignore-missing 0 0): cannot inspect "/run/user/1000/doc": lstat /run/user/1000/doc: permission denied firefox snap does start, but also logs errors: update.go:85: cannot change mount namespace according to change mount (/var/lib/snapd/hostfs/usr/share/doc /usr/share/doc none bind,ro 0 0): cannot inspect "/var/lib/snapd/hostfs/usr/share/doc": lstat /var/lib/snapd/hostfs/usr/share/doc: permission denied update.go:85: cannot change mount namespace according to change mount (/var/lib/snapd/hostfs/usr/share/fonts /usr/share/fonts none bind,ro 0 0): cannot inspect "/var/lib/snapd/hostfs/usr/share/fonts": lstat /var/lib/snapd/hostfs/usr/share/fonts: permission denied update.go:85: cannot change mount namespace according to change mount (/var/lib/snapd/hostfs/usr/local/share/fonts /usr/local/share/fonts none bind,ro 0 0): cannot inspect "/usr/local/share/fonts": lstat /usr/local/share/fonts: permission denied update.go:85: cannot change mount namespace according to change mount (/var/lib/snapd/hostfs/usr/share/cups/doc-root /usr/share/cups/doc-root none bind,ro 0 0): cannot create directory "/usr/share/cups/doc-root": permission denied update.go:85: cannot change mount namespace according to change mount (/var/lib/snapd/hostfs/usr/share/gimp/2.0/help /usr/share/gimp/2.0/help none bind,ro 0 0): cannot create directory "/usr/share/gimp/2.0": permission denied update.go:85: cannot change mount namespace according to change mount (/var/lib/snapd/hostfs/usr/share/gtk-doc /usr/share/gtk-doc none bind,ro 0 0): cannot inspect "/var/lib/snapd/hostfs/usr/share/gtk-doc": lstat /var/lib/snapd/hostfs/usr/share/gtk-doc: permission denied update.go:85: cannot change mount namespace according to change mount (/var/lib/snapd/hostfs/usr/share/libreoffice/help /usr/share/libreoffice/help none bind,ro 0 0): cannot create directory "/usr/share/libreoffice/help": permission denied update.go:85: cannot change mount namespace according to change mount (/var/lib/snapd/hostfs/usr/share/xubuntu-docs /usr/share/xubuntu-docs none bind,ro 0 0): cannot inspect "/var/lib/snapd/hostfs/usr/share/xubuntu-docs": lstat /var/lib/snapd/hostfs/usr/share/xubuntu-docs: permission denied update.go:85: cannot change mount namespace according to change mount (/run/user/1000/doc/by-app/snap.firefox /run/user/1000/doc none bind,rw,x-snapd.ignore-missing 0 0): cannot inspect "/run/user/1000/doc": lstat /run/user/1000/doc: permission denied ProblemType: Bug DistroRelease: Ubuntu 22.10 Package: snap (not installed) ProcVersionSignature: Ubuntu 5.19.0-19.19-generic 5.19.7 Uname: Linux 5.19.0-19-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.23.0-0ubuntu2 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: XFCE Date: Tue Oct 4 17:29:01 2022 InstallationDate: Installed on 2017-09-26 (1834 days ago) InstallationMedia: Ubuntu-Server 17.10 "Artful Aardvark" - Alpha amd64 (20170924) SourcePackage: snap UpgradeStatus: Upgraded to kinetic on 2022-05-22 (134 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/linux/+bug/1991691/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
