snapd

snap-update-ns should unconditionally rebuild snap mount namespaces if there are certain deleted mounts in them

Bug #1960960 reported by Ian Johnson
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
snapd
New
Undecided
Unassigned

Bug Description

When you have a snap like the snap-store snap installed and running, it will have a mount namespace reference stored in /run/snapd/ns. It seems when removing the debian package of snapd, this mount namespace reference is not deleted, but since files in that namespace are deleted on the host, such as /usr/lib/snapd, those mounts inside the mount namespace become "//deleted" in /proc/self/mountinfo and there are no files in the mount namespace in /usr/lib/snapd.

This is problematic because it seems upon reinstalling snapd debian package without rebooting (which would in effect discard the namespace reference), and then reinstalling the same snap such as snap-store, snap-confine/snap-update-ns will attempt to re-use the existing snap mount namespace to disastrous effect where it fails to execute snap-exec because nothing is in /usr/lib/snapd.

So:

1) there is a bug in the debian packaging postrm script, etc. We should be getting rid of these namespace references when we uninstall/remove snapd
2) snap-confine/snap-update-ns should be more robust and detect this situation by seeing that there is a //deleted mount, and if there is, discard the whole namespace and rebuild it from scratch because it's broken

Revision history for this message
Maciej Borzecki (maciek-borzecki) wrote :

Ad 1. we have a section which unmounts the ns and removes the mnt file: https://github.com/snapcore/snapd/blob/295017206096cbfcd071d167717b40a545a28d88/packaging/ubuntu-16.04/snapd.postrm#L119-L130 It's only possible to join the mount ns by using /proc/<pid>/ns/mnt, which is something that s-u-n does not do, but you can use `nsenter -m/proc/<pid>/ns/mnt /bin/bash` do it yourself.

It's already a bit weird to purge snapd when there are snap applications running, it's not really clear what should happen in such scenario. Killing the applications forcefully may not be the best option though.

Revision history for this message
Sergio Cazzolato (sergio-j-cazzolato) wrote :

Hi, the steps to reproduce are:

I started a vm running impish
I started the ubuntu-software (snap-store snap) icon to see it is working and closed the app
I removed snapd "apt remove snapd" (no purge)
I installed snapd "apt install snapd"
I start ubuntu-software but the app does not start (other snaps work well)

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.