Activity log for bug #1981546

Date Who What changed Old value New value Message
2022-07-13 08:23:15 Alberto Donato bug added bug
2022-07-13 08:25:05 Adam Collard description

Old value:

With the maas 3.2 snap (core20-based) we noticed a difference in behavior when running on a focal and jammy (tested in containers). The snap has the `home` plug. On focal, an app running as root can read root-owned files in other users' homes, while when running on focal, that's not possible anymore:

    # echo test > /home/ubuntu/testfile
    # echo test > /home/ubuntu/testfile2
    # chown ubuntu.ubuntu /home/ubuntu/testfile2
    # ls -l /home/ubuntu/testfile*
    -rw-rw-r-- 1 ubuntu ubuntu 5 Jul 12 13:44 /home/ubuntu/testfile
    -rw-rw-r-- 1 root root 5 Jul 12 13:44 /home/ubuntu/testfile2
    # snap install maas --channel=3.2

    # focal host
    root@f:~# snap run --shell maas -c 'cat /home/ubuntu/testfile'
    cat: /home/ubuntu/testfile: Permission denied
    root@f:~# snap run --shell maas -c 'cat /home/ubuntu/testfile2'
    test

    # jammy host
    root@j:~# snap run --shell maas -c 'cat /home/ubuntu/testfile'
    cat: /home/ubuntu/testfile: Permission denied
    root@j:~# snap run --shell maas -c 'cat /home/ubuntu/testfile2'
    cat: /home/ubuntu/testfile2: Permission denied

New value:

With the maas 3.2 snap (core20-based) we noticed a difference in behavior when running on a focal and jammy (tested in containers). The snap has the `home` plug.

On focal (20.04 LTS), an app running as root can read root-owned files in other users' homes, while when running on jammy (22.04 LTS), that's not possible anymore:

    # echo test > /home/ubuntu/testfile
    # echo test > /home/ubuntu/testfile2
    # chown ubuntu.ubuntu /home/ubuntu/testfile2
    # ls -l /home/ubuntu/testfile*
    -rw-rw-r-- 1 ubuntu ubuntu 5 Jul 12 13:44 /home/ubuntu/testfile
    -rw-rw-r-- 1 root root 5 Jul 12 13:44 /home/ubuntu/testfile2
    # snap install maas --channel=3.2

    # focal host
    root@f:~# snap run --shell maas -c 'cat /home/ubuntu/testfile'
    cat: /home/ubuntu/testfile: Permission denied
    root@f:~# snap run --shell maas -c 'cat /home/ubuntu/testfile2'
    test

    # jammy host
    root@j:~# snap run --shell maas -c 'cat /home/ubuntu/testfile'
    cat: /home/ubuntu/testfile: Permission denied
    root@j:~# snap run --shell maas -c 'cat /home/ubuntu/testfile2'
    cat: /home/ubuntu/testfile2: Permission denied

2023-05-11 13:38:35 Sergio Cazzolato snapd: status New Confirmed
2023-05-11 13:38:44 Sergio Cazzolato snapd: importance Undecided High