Ubuntu
snap-confine package

1.0.41-0ubuntu1 ftbfs on amd64, i386

Bug #1625565 reported by Michael Hudson-Doyle
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
snap-confine
Fix Released
High
Zygmunt Krynicki
snap-confine 1.0.42
snap-confine (Ubuntu)
Fix Released
Undecided
Unassigned
Xenial
Fix Released
Undecided
Unassigned

Bug Description

[Impact]

snap-confine contains sanity unit tests that check if the kernel behaves in a certain, particular way that subsequent runtime behaviour depends on. As it happens to be launchpad package building machinery runs on an older kernel with a xenial/yakkety chroot and the sanity test fails.

The relevant unit tests now check and parse kernel version and unless a recent enough version is available, those tests are skipped.

[Test Case]

N/A

Technically if someone wants to verify this change then it is sufficient to rebuild the package on 14.04 release (not the LTS updated) kernel like 3.19.

[Regression Potential]

None, this only affects unit tests in a safe way.

[Other Info]

* This bug is a part of a major SRU that brings snap-confine in Ubuntu 16.04 in line with the current upstream release 1.0.42.

* snap-confine is technically an integral part of snapd which has an SRU exception and is allowed to introduce new features and take advantage of accelerated procedure. For more information see https://wiki.ubuntu.com/SnapdUpdates

== # Pre-SRU bug description follows # ==

Probably because of the old kernel version, a test fails like this:

/ns/sc_init_ns_group: OK
/ns/sc_lock_unlock_ns_mutex: OK
**
ERROR:ns-support-test.c:323:test_nsfs_fs_id: assertion failed (buf.f_type == NSFS_MAGIC): (40864 == 1853056627)
/ns/nsfs_fs_id: FAIL

12:44 < mwhudson> 40864 seems to be PROC_SUPER_MAGIC
12:44 < mwhudson> zyga: https://bugs.launchpad.net/ubuntu/+source/snap-confine/+bug/1625565
12:44 < zyga> mwhudson: thanks
12:45 < mwhudson> and NSFS_MAGIC was only added to the kernel in a commit from Sat Nov 1 10:57:28 2014 -0400
12:45 < mwhudson> so that's not going to be in the 14.04 release kernel
12:46 < mwhudson> 3.19+
12:46 < zyga> mwhudson: so even the kernel headers have that macro, the relevant files in the kernel don't use it?
12:47 < mwhudson> zyga: well the kernel headers you are building against are from yakkety presumably
12:47 < zyga> mwhudson: yes, I just checked that :/
12:47 < zyga> mwhudson: the mount namespace file in the kernel is indeed procfs
12:47 < zyga> mwhudson: I guess this test needs to be skipped
12:47 < zyga> mwhudson: and we might need a separate check for this in snap-confine proper
12:48 < zyga> so that if we open and see PROC_SUPER_MAGIC we can die()

See original description
Revision history for this message
Michael Hudson-Doyle (mwhudson) wrote :

40864 seems to be PROC_SUPER_MAGIC

Zygmunt Krynicki (zyga)
Changed in snap-confine (Ubuntu):
status: New → In Progress
Revision history for this message
Michael Hudson-Doyle (mwhudson) wrote :

Git spelunking says that NSFS_MAGIC is only present in kernels 3.19 and up, so my initial guess looks good.

Zygmunt Krynicki (zyga)
description: updated
Changed in snap-confine:
status: New → In Progress
assignee: nobody → Zygmunt Krynicki (zyga)
milestone: none → 1.0.42
importance: Undecided → High
Revision history for this message
Zygmunt Krynicki (zyga) wrote :

This is hopefully fixed with this pull request: https://github.com/snapcore/snap-confine/pull/150/files

We should carry this patch in the packaging until the next upstream release.

Zygmunt Krynicki (zyga)
Changed in snap-confine:
status: In Progress → Fix Committed
Changed in snap-confine (Ubuntu):
status: In Progress → Fix Released
Zygmunt Krynicki (zyga)
Changed in snap-confine:
status: Fix Committed → Fix Released
Revision history for this message
Andy Whitcroft (apw) wrote : Please test proposed package

Hello Michael, or anyone else affected,

Accepted snap-confine into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/snap-confine/1.0.42-0ubuntu3~16.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in snap-confine (Ubuntu Xenial):
status: New → Fix Committed
tags: added: verification-needed
Zygmunt Krynicki (zyga)
description: updated
Revision history for this message
Andy Whitcroft (apw) wrote :

Hello Michael, or anyone else affected,

Accepted snap-confine into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/snap-confine/1.0.43-0ubuntu1~16.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Leo Arias (elopio) wrote :

There is nothing to manually verify here other than the test passes and the package builds.
As 1.0.43 is already in proposed, I'm going to mark this as verified.

Thanks Andy.

tags: added: verification-done
removed: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package snap-confine - 1.0.43-0ubuntu1~16.04.1

---------------
snap-confine (1.0.43-0ubuntu1~16.04.1) xenial-proposed; urgency=medium

  * Backport from 16.10 (LP: #1630040)

snap-confine (1.0.43-0ubuntu1) yakkety; urgency=medium

  * New upstream release (LP: #1630479, LP: #1630492, LP: #1628612)
  * debian/patches/lp1630789.patch: allow running snaps by non-root users in
    LXD containers (LP: #1630789)

snap-confine (1.0.42-0ubuntu3) yakkety; urgency=medium

  * allow snap-confine to mount on /dev/pts/ptmx for LXD with /dev/ptmx
    symlink

snap-confine (1.0.42-0ubuntu2) yakkety; urgency=medium

  * add mmap to AppArmor policy for snap-confine for running snap-confine
    under LXD on 4.8 kernels

snap-confine (1.0.42-0ubuntu1) yakkety; urgency=medium

  * New upstream release
  * Drop patch skip-nsfs-magic-tests-on-old-kernels.patch (applied upstream)

snap-confine (1.0.41-0ubuntu2) yakkety; urgency=medium

  * add skip-nsfs-magic-tests-on-old-kernels.patch to disable NSFS tests on
    kernels older than 3.19 (LP: #1625565)

snap-confine (1.0.41-0ubuntu1) yakkety; urgency=medium

  * New upstream release, full list of issues is available at
    https://launchpad.net/snap-confine/+milestone/1.0.41
  * Drop all patches (included upstream).
  * Add version to apparmor run-time dependency.

snap-confine (1.0.40-1) unstable; urgency=medium

  * New upstream release, full list of issues is available at
    https://launchpad.net/snap-confine/+milestone/1.0.40
  * Drop apparmor profile from the debian/ directory and install it straight
    from upstream package. This is now automatically consistent with package
    configuration prefix.
  * Drop patch: prctl-compatibility.patch(applied upstream)
  * Add directory /var/lib/snapd/void to snap-confine
  * Add patch: 0001-Don-t-shellcheck-files-spread-prepare-script.patch that
    fixes make check due to a mistake upstream.
  * Add patch: 0001-Stop-using-deprecated-readdir_r.patch (LP: #1615615)

snap-confine (1.0.39-1) unstable; urgency=medium

  * New upstream release.
  * Remove d/patches/01_lp1606277.patch, applied upstream.

snap-confine (1.0.38-3) unstable; urgency=medium

  * debian/patches/prctl-compatibility.patch: add shadow definitions for
    compatibility with older kernel headers.
  * drop build-dependency on shellcheck, which is not used at build time
    and doesn't exist in trusty.
  * make ubuntu-core-launcher "arch:any" to workaround an issue in
    rm_conffile which does not deal with changing architectures
  * fix log-observer interface regression (LP: #1606277)

snap-confine (1.0.38-2) unstable; urgency=medium

  * Fix invocations of rm_conffile.
  * Update d/usr.lib.snapd.snap-confine to the latest upstream version to
    ensure content-sharing fully works.

snap-confine (1.0.38-1) unstable; urgency=medium

  * New upstream release.

 -- Jamie Strandboge <email address hidden> Thu, 06 Oct 2016 14:51:26 +0000

Changed in snap-confine (Ubuntu Xenial):
status: Fix Committed → Fix Released
Revision history for this message
Steve Langasek (vorlon) wrote : Update Released

The verification of the Stable Release Update for snap-confine has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.