Forbidden sqlite3 system call

Jamie Strandboge jamie at canonical.com
Sun Nov 29 18:52:08 UTC 2015 

On 11/29/2015 12:40 PM, Simon Stürz wrote:
> 
> 
> On 2015-11-29 19:17, Jamie Strandboge wrote:
>> On 11/27/2015 08:41 AM, Jamie Strandboge wrote:
>>> On 11/23/2015 10:08 AM, Simon Stürz wrote:
>>> In the meantime, to workaround this issue on rolling images until your code no
>>> longer uses chown, you can provide an override and do something like this in
>>> your yaml:
>>>
>>> services:
>>>    - name: guhd
>>>      ...
>>>      syscalls: [ fchown32 ]
>>>
>> Whoops, this should've been:
>>
>> services:
>>    - name: guhd
>>      ...
>>      security-override:
>>        syscalls: [ fchown32 ]
>>
> Not working yet.
> 
> This workaround gives me:
> 
> Installing /tmp/guhio_0.1.13_armhf.snap
> 2015/11/29 18:32:54.806560 verify.go:85: Signature check failed, but installing
> anyway as requested
> 2015/11/29 18:33:53.903018 security.go:156: No seccomp policy found
> /tmp/guhio_0.1.13_armhf.snap failed to install: no seccomp policy provided
> 
> Do I have to provide the seccomp file? I will reread the docs again.
> 

The above *only* works on 16.04 images (aka, rolling). If you are using stable
images (15.04), see the other email on how to work around it.

> My yaml file:
> 
> name: guhio
> version: 0.1.13
> type: app
> vendor: Simon Stürz <simon.stuerz at guh.guru>
> architecture: ["armhf"]
> icon: meta/guh-logo.svg
> source: https://github.com/guh/guh
> license-version: "GPLv2"
> services:
>   - name: guhd
>     start: usr/bin/guhd-wrapper.sh
>     description: "Daemon for the guh IoT server"
>     security-override:
>         syscalls: [ fchown32 ]
>     ports:
>         internal:
>             jsonrpc:
>                 port: 2222/tcp
>                 negotiable: yes
>         external:
>             ui:
>                 port: 3333/tcp
>                 negotiable: no
>             websocket:
>                 port: 4444/tcp
>                 negotiable: yes
> binaries:
>   - name: guh-cli
>     exec: ./usr/bin/guh-cli
>     description: "Command line interface for the guh IoT server - python"
> 
> 
> 
> 


-- 
Jamie Strandboge                 http://www.ubuntu.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/snappy-app-devel/attachments/20151129/bd2a26de/attachment.pgp>

More information about the snappy-app-devel mailing list