[Group.of.nepali.translators] [Bug 1612291] Re: cannot create $SNAP_USER_DATA when using ecryptfs and sudo

[Launchpad Bug Tracker]

This bug was fixed in the package snap-confine - 1.0.38-0ubuntu0.16.04.8

---------------
snap-confine (1.0.38-0ubuntu0.16.04.8) xenial; urgency=medium

  * debian/patches/04_not_die_unknown_locations.patch:
    - move to /tmp if the current location can not be preserved
      (LP: #1612684)

snap-confine (1.0.38-0ubuntu0.16.04.7) xenial; urgency=medium

  * fix apparmor rules when a snap is run on new-style encrypted
    home with sudo (LP: #1612291)

snap-confine (1.0.38-0ubuntu0.16.04.6) xenial; urgency=medium

  * fix apparmor rules when a snap is run on encrypted home
    with sudo (LP: #1612291)

snap-confine (1.0.38-0ubuntu0.16.04.5) xenial; urgency=medium

  * 03_fix_snap_user_data_regression.patch:
    - fix regression in autopkgtest with snap-confine when the
      SNAP_USER_DATA directory is not created for services
      (LP: #1612120)

 -- Michael Vogt <michael.v...@ubuntu.com>  Fri, 12 Aug 2016 16:45:17
+0200

** Changed in: snap-confine (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1612291

Title:
  cannot create $SNAP_USER_DATA when using ecryptfs and sudo

Status in Snappy Launcher:
  Fix Released
Status in snap-confine package in Ubuntu:
  Fix Released
Status in snap-confine source package in Xenial:
  Fix Released

Bug description:
  Because of the two apparmor rules on snap-confine, attempts to create
  user data directory from snap-confine will fail when the user is using
  new-style encrypted home directory and sudo to start a snap.

  TEST CASE:
  1. sudo adduser --encrypt-home test-encrypted
  2. Ensure that the test-encrypted user can use sudo, e.g. add it to the sudo 
group
  3. Log in as test-encrypted user
  4. Install the hello-world snap
  5. Run sudo /snap/bin/hello-world
  6. Verify that `hello-world` fails to run
  7. Install snap-confine from xenial-propsoed
  8. verify that `hello-world` runs now

  The following patch makes the problem go away:

  diff --git a/debian/usr.bin.snap-confine b/debian/usr.bin.snap-confine
  index f3e6308..aeb17bd 100644
  --- a/debian/usr.bin.snap-confine
  +++ b/debian/usr.bin.snap-confine
  @@ -155,6 +155,6 @@
       owner @{HOME}/.Private/ r,
       owner @{HOME}/.Private/** mrixwlk,
       # new-style encrypted $HOME
  -    owner @{HOMEDIRS}/.ecryptfs/*/.Private/ r,
  -    owner @{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk,
  +    @{HOMEDIRS}/.ecryptfs/*/.Private/ r,
  +    @{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk,
   }

To manage notifications about this bug go to:
https://bugs.launchpad.net/snap-confine/+bug/1612291/+subscriptions

_______________________________________________
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to     : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp