On 08/02/2016 07:22 AM, Jamie Strandboge wrote: > On Tue, 2016-08-02 at 09:04 +0200, Didier Roche wrote: >> Le 02/08/2016 à 08:12, Vasilisc a écrit : >>> 02.08.2016 09:00, Didier Roche пишет: >>>> Le 02/08/2016 à 07:45, Vasilisc a écrit : >>>>> >>>>> test snap raise error >>>>> ------------------------- >>>>> echo "Writing to $SNAP_USER_COMMON" >>>>> mkdir -p $SNAP_USER_COMMON/platform >>>>> echo "hello common" > $SNAP_USER_COMMON/common.txt >>>>> -------------- >>>>> grep -F audit syslog >>>>> >>>>> Aug 2 08:34:16 vb kernel: [ 2622.276193] audit: type=1400 >>>>> audit(1470116056.762:34): apparmor="ALLOWED" operation="mkdir" >>>>> profile="snap.test2.test2" name="/home/vasilisc/snap/test2/common/" >>>>> pid=4971 comm="mkdir" requested_mask="c" denied_mask="c" fsuid=1000 >>>>> ouid=1000 >>>> Hey Vasilisc, >>>> >>>> where do you see an error in the above trace? Apparmor says "ALLOWED", >>>> so the mkdir call wasn't blocked and work as expected, or did you notice >>>> not having this directory and file created after those calls? >>>> >>>> Didier >>>> >>> Code >>> echo "Writing to $SNAP_USER_COMMON" >>> mkdir -p $SNAP_USER_COMMON >>> -------------------- >>> >>> Aug 2 09:08:42 vb kernel: [ 4688.252234] audit: type=1400 >>> audit(1470118122.727:44): apparmor="DENIED" operation="mkdir" >>> profile="snap.test2.test2" name="/home/vasilisc/snap/test2/common/" >>> pid=5802 comm="mkdir" requested_mask="c" denied_mask="c" fsuid=1000 >>> ouid=1000 >>> >> Mind opening a bug against snappy on launchpad with your snapcraft.yaml, >> shell script and this output? I think the apparmor profile may need to >> be adjusted to write to $SNAP_USER_COMMON. > Please file a bug, yes, but the bug is that 'snap run' is not creating the > directory. The snap should not be expected to have to do this. The regression > looks to have been introduced in https://github.com/snapcore/snapd/pull/1293 > or > perhaps you are using an old version of snapd and a new version of > snap-confine? > Regardless, please file a bug. > > Thanks! `snap run` does indeed have code to do this, but it doesn't seem that a version of snapd actually utilizing `snap run` has been released yet. It's my understanding that the version of snapd that would be using `snap run` would also be accompanied by the files within /snap/bin/ being symlinks instead of scripts, which isn't yet merged[1]. Of course, I may be wrong. Right now the /snap/bin/foo files are still scripts that shell out to ubuntu-core-launcher, which unless someone else added it, doesn't have code to do this. I didn't add it because I thought we'd have snap run soon, but that seemed to be blocked on a stable OS snap. Michael or Gustavo, do you have any more information on that? Should we add this logic to u-c-l while we're waiting?
For more information, this test[2] reflects the current capabilities as I understand them. Note that SNAP_USER_COMMON is not tested yet, as `snap run` isn't used (thus the directories are not created). [1]: https://github.com/snapcore/snapd/pull/1254 [2]: https://github.com/snapcore/snapd/blob/master/tests/main/writable-areas/task.yaml -- Kyle Fazzari (kyrofa) Software Engineer Canonical Ltd. k...@canonical.com
signature.asc
Description: OpenPGP digital signature
-- Snapcraft mailing list Snapcraft@lists.snapcraft.io Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
