Unable to launch program (installed as snap) as root

Bug #1751634 reported by Norbert
This bug affects 2 people

Affects: snapd (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned

Bug Description

Steps to reproduce:
1. Install Ubuntu 16.04 LTS
2. Install a test application such as Notepadqq - `snap install notepadqq`
3. Try to launch it as root

$ which notepadqq
/snap/bin/notepadqq

$ sudo snap run notepadqq
mkdir: cannot create directory '/run/user/0': Permission denied
No protocol specified
QXcbConnection: Could not connect to display :0.0
Aborted (core dumped)

$ pkexec snap run notepadqq
mkdir: cannot create directory '/run/user/0': Permission denied
QXcbConnection: Could not connect to display
Aborted (core dumped)

$ sudo notepadqq
mkdir: cannot create directory '/run/user/0': Permission denied
No protocol specified
QXcbConnection: Could not connect to display :0.0
Aborted (core dumped)

$ gksudo notepadqq
No protocol specified
QXcbConnection: Could not connect to display :0.0

$ sudo -u www-data notepadqq /var/www/html/index.html
2018/02/25 22:40:11.162682 cmd_run.go:562: WARNING: cannot create user data directory: cannot create "/var/www/snap/notepadqq/115": mkdir /var/www/snap: permission denied
cannot create user data directory: /var/www/snap/notepadqq/115: Read-only file system

Expected results:
user is able to run snap-installed program as root

Actual results:
user is unable to run snap-installed program as root

Note:
First seen on AskUbuntu (https://askubuntu.com/q/1009698/66509).

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: snapd 2.29.4.2 [modified: usr/share/dbus-1/services/io.snapcraft.Launcher.service]
ProcVersionSignature: Ubuntu 4.4.0-116.140-generic 4.4.98
Uname: Linux 4.4.0-116-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.15
Architecture: amd64
CurrentDesktop: MATE
Date: Sun Feb 25 22:10:49 2018
InstallationDate: Installed on 2018-01-04 (52 days ago)
InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1)
SourcePackage: snapd
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message

Norbert (nrbrtx) wrote:
description: updated

Zygmunt Krynicki (zyga) wrote:

Hmm, we have a rule that should allow this:

    # for creating the user XDG_RUNTIME_DIR: /run/user, /run/user/UID and
    # /run/user/UID/<name>
    /run/user/{,[0-9]*/,[0-9]*/*/} rw,

But then again, maybe sudo is messing some of that up?

Norbert (nrbrtx) wrote:

Thank you for the reply, Zygmunt!

You can check this yourself.
I have tested this on 16.04 LTS with all updates installed (see steps to reproduce above):

$ snap --version
snap 2.31.1
snapd 2.31.1
series 16
ubuntu 16.04
kernel 4.4.0-116-generic

$ snap install notepadqq
notepadqq 1.2.0-2 from 'danieleds' installed
$ sudo notepadqq
[sudo] password for me:
mkdir: cannot create directory '/run/user/0': Permission denied
No protocol specified
QXcbConnection: Could not connect to display :0.0
Aborted (core dumped)

Jamie Strandboge (jdstrand) wrote:

This is the denial:

apparmor="DENIED" operation="mkdir" profile="snap.notepadqq.notepadqq" name="/run/user/0/" pid=3127 comm="mkdir" requested_mask="c" denied_mask="c" fsuid=0 ouid=0

The problem is that /run/user/0 does not exist because this directory is supposed to be created by the session manager, not the snap. Because this is being run under sudo, it implies that the session is non-root so /run/user/0 wasn't ever created by anything.

This is an old issue:
* https://bugs.launchpad.net/snappy/+bug/1656340
* https://forum.snapcraft.io/t/wayland-dconf-and-xdg-runtime-dir/186
* https://github.com/snapcore/snapd/pull/4365#discussion_r155843451

As such, this is a duplicate of bug #1656340. Zygmunt, can you look at the other bug and see my comments?
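
The denial above is the kind of line a defender would want to pick out of a kernel audit log and translate into a cause. The following is an added example (not code from this bug thread or from snapd): a small parser for AppArmor audit records that splits the key=value fields, decodes the permission letters in denied_mask, and flags the specific pattern described in this comment, a create denial on /run/user/<uid>/ that means the session manager never created the runtime directory. The two sample lines are constructed: the first reuses the denial quoted above wrapped in an assumed "audit: type=1400 audit(...)" syslog prefix, the second is a made-up ALLOWED record used as a control.

```python
import re
from typing import Any, Dict, List, Optional

# Constructed sample log lines. The first is the denial quoted in the comment
# above; the "audit: type=1400 audit(...)" prefix is an assumed kernel/syslog
# framing, and the second (ALLOWED) line is made up as a non-denial control.
SAMPLE_LINES = [
    'audit: type=1400 audit(1519592411.162:42): apparmor="DENIED" operation="mkdir" '
    'profile="snap.notepadqq.notepadqq" name="/run/user/0/" pid=3127 comm="mkdir" '
    'requested_mask="c" denied_mask="c" fsuid=0 ouid=0',
    'audit: type=1400 audit(1519592412.001:43): apparmor="ALLOWED" operation="open" '
    'profile="snap.notepadqq.notepadqq" name="/etc/hosts" pid=3130 comm="notepadqq" '
    'requested_mask="r" denied_mask="r" fsuid=0 ouid=0',
]

# AppArmor file permission letters as they appear in requested_mask/denied_mask.
MASK_BITS = {
    'r': 'read', 'w': 'write', 'a': 'append', 'c': 'create', 'd': 'delete',
    'k': 'lock', 'l': 'link', 'm': 'mmap-exec', 'x': 'execute',
}

# key=value pairs; values are either double-quoted strings or bare tokens.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# The path shape this bug is about: the per-user XDG_RUNTIME_DIR.
RUNTIME_DIR_RE = re.compile(r'^/run/user/(\d+)/?$')


def parse_apparmor_line(line: str) -> Dict[str, str]:
    """Split one AppArmor audit line into its key=value fields."""
    fields: Dict[str, str] = {}
    for m in FIELD_RE.finditer(line):
        key, quoted, bare = m.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields


def explain_denial(fields: Dict[str, str]) -> Optional[Dict[str, Any]]:
    """Summarise a DENIED record; return None for anything that is not a denial."""
    if fields.get('apparmor') != 'DENIED':
        return None
    mask = fields.get('denied_mask', '')
    return {
        'profile': fields.get('profile', ''),
        'operation': fields.get('operation', ''),
        'path': fields.get('name', ''),
        'denied': [MASK_BITS.get(ch, ch) for ch in mask],
        'fsuid': int(fields.get('fsuid', '-1')),
    }


def diagnose(denial: Dict[str, Any]) -> str:
    """Map a denial to a plain-language cause. A create denial on /run/user/<uid>/
    means no session manager created that uid's runtime dir (the snap may not)."""
    m = RUNTIME_DIR_RE.match(denial['path'])
    if m and 'create' in denial['denied']:
        uid = m.group(1)
        hint = ' (typical when the app is launched via sudo)' if uid == '0' else ''
        return f'XDG_RUNTIME_DIR /run/user/{uid} missing: no session created it{hint}'
    return f"{denial['profile']} denied {'/'.join(denial['denied'])} on {denial['path']}"


def runtime_dir_denials(lines: List[str]) -> List[Dict[str, Any]]:
    """Filter a log for denials that are the XDG_RUNTIME_DIR symptom."""
    out = []
    for line in lines:
        d = explain_denial(parse_apparmor_line(line))
        if d is not None and RUNTIME_DIR_RE.match(d['path']):
            out.append(d)
    return out


if __name__ == '__main__':
    for line in SAMPLE_LINES:
        d = explain_denial(parse_apparmor_line(line))
        print(diagnose(d) if d else 'not a denial')
```

Run against `journalctl -k` or `/var/log/syslog` output, `runtime_dir_denials` separates this particular missing-directory symptom from genuine policy violations, so an operator does not loosen the profile for what is really a session setup problem.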

Launchpad Janitor (janitor) wrote:

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in snapd (Ubuntu):
status: New → Confirmed