Reading /etc

Marco Ceppi marco.ceppi at canonical.com
Thu Mar 2 02:29:27 UTC 2017


I don't have an answer for you, but wanted to add some color to the
problem. The issue lies within a dependency of the latest version of pip.
Previously they vendored in a small library to do rudimentary distribution
checking. In later versions, they've included the nir0s/distro python
package, which does more aggressive checks against things like /etc and is
hard coded.

I submitted a patch to the distro repo
https://github.com/nir0s/distro/issues/149 and it's landed, but it needs
to be pulled into pip and released. Once that's done, the UNIXCONFDIR
environment variable could be used to override where to find `/etc`. For my
snap, I ended up moving to classic confinement as it fit better with the
tool (a system utility).

Marco

On Wed, Mar 1, 2017 at 9:07 PM Facundo Batista <
facundo.batista at canonical.com> wrote:

> Hola!
>
> When calling pip from inside a snap, it (while investigating the system
> it's in) tries to os.listdir("/etc") which is denied to it:
>
>         Mar  1 15:44:04 tanquita kernel: [16153.906524] audit: type=1400 audit(1488393844.939:99): apparmor="DENIED" operation="open" namespace="root//lxd-fadestest_<var-lib-lxd>" profile="snap.fades.fades" name="/etc/" pid=10606 comm="python" requested_mask="r" denied_mask="r" fsuid=165536 ouid=165536
>
> Which interface should I add to the snap for it to have read only access
> to /etc?
>
> Thanks!
>
> --
> .   Facundo
> .
> Canonical - Online Services
>
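
Added example, not part of the original thread: a small Python parser for AppArmor denial records like the one quoted above, grouping denials by profile and path to show what a confined snap is being refused. The first sample line is the denial from the thread, unwrapped; the other two are constructed, and the function names are illustrative.

```python
import re
from collections import defaultdict

# The denial quoted in the thread (unwrapped), plus two constructed lines.
SAMPLE_LOG = [
    'Mar  1 15:44:04 tanquita kernel: [16153.906524] audit: type=1400 '
    'audit(1488393844.939:99): apparmor="DENIED" operation="open" '
    'namespace="root//lxd-fadestest_<var-lib-lxd>" profile="snap.fades.fades" '
    'name="/etc/" pid=10606 comm="python" requested_mask="r" denied_mask="r" '
    'fsuid=165536 ouid=165536',
    # constructed: same profile, different path
    'Mar  1 15:44:05 tanquita kernel: [16153.990000] audit: type=1400 '
    'audit(1488393845.010:100): apparmor="DENIED" operation="open" '
    'profile="snap.fades.fades" name="/etc/os-release" pid=10606 '
    'comm="python" requested_mask="r" denied_mask="r" fsuid=165536 ouid=165536',
    # constructed: unrelated kernel message, must be ignored
    'Mar  1 15:44:06 tanquita kernel: [16154.000000] usb 1-1: new device',
]

# Matches key="quoted value" or key=bare_value (bare values are kept as-is).
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_denial(line):
    """Return the audit fields of an AppArmor DENIED record, or None."""
    if 'apparmor="DENIED"' not in line:
        return None
    return {k: (q if q else b) for k, q, b in FIELD_RE.findall(line)}


def summarize(lines):
    """Map (profile, path) -> set of denied access masks."""
    summary = defaultdict(set)
    for line in lines:
        rec = parse_denial(line)
        if rec and 'profile' in rec and 'name' in rec:
            summary[(rec['profile'], rec['name'])].add(rec.get('denied_mask', '?'))
    return dict(summary)


if __name__ == '__main__':
    for (profile, path), masks in sorted(summarize(SAMPLE_LOG).items()):
        print(f'{profile}: {path} denied {"".join(sorted(masks))}')
```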