Multiple snaps are failing to run when packaged with strict confinement due to fchown being a blocked syscall. Can we please get a fix for this syscall to allow “chown to myself” into snapd? This will, for example, allow things like glib file creation to work out-of-the-box, where gimp-2.9.6 as an example currently cannot start because it gets killed when calling fchown on a file it creates to ensure it’s owned by the user who created it. We should also convert the denial to a “permission denied” rather than a signal 31 which completely kills the process.

I get that it seems silly to fchown a file to your userid when you’ve only just created it while running as that userid, because it surely already is owned by your user via the creation process. This seems to be a common pattern in various libraries, however, so we need to allow it to work unmodified.
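
The behaviour requested in the post, as an added example that is not part of the original post and is not snapd's own filter: a raw seccomp-BPF filter that lets fchown through only when it names the caller's own uid and gid, with the deny action selectable so the kill (signal 31) and the "permission denied" outcomes can be compared. `install_filter`, `run_demo` and the scratch path are hypothetical names; it assumes a 64-bit little-endian Linux build.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stddef.h>
#include <stdlib.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>

/* Low 32 bits of syscall argument n (assumes a little-endian 64-bit build). */
#define ARG_LO(n) (offsetof(struct seccomp_data, args) + 8 * (n))

/* fchown(fd, uid, gid) with the caller's own ids is allowed; any other fchown
   gets `deny`. A production filter would also check seccomp_data.arch first. */
static int install_filter(uid_t uid, gid_t gid, unsigned int deny) {
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_fchown, 0, 4), /* other syscall: allow */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO(1)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, uid, 0, 3),         /* foreign uid: deny */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO(2)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, gid, 0, 1),         /* foreign gid: deny */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        BPF_STMT(BPF_RET | BPF_K, deny),
    };
    struct sock_fprog fprog = { .len = sizeof(prog) / sizeof(prog[0]), .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* Runs the create-then-fchown pattern in a child under the filter. Returns 0 if
   the self-chown worked and the other call got EPERM, 100+signal if killed. */
int run_demo(unsigned int deny) {
    pid_t pid = fork();
    if (pid == 0) {
        char path[] = "/tmp/fchown-demo-XXXXXX"; /* constructed scratch file */
        int fd = mkstemp(path);
        if (fd < 0 || unlink(path) != 0) _exit(10);
        if (install_filter(getuid(), getgid(), deny) != 0) _exit(11);
        int self = fchown(fd, getuid(), getgid());   /* "chown to myself" */
        int other = fchown(fd, getuid(), (gid_t)-1); /* gid "unchanged": not matched */
        _exit((self == 0 ? 0 : 1) | (other == -1 && errno == EPERM ? 0 : 2));
    }
    int status = 0;
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? 100 + WTERMSIG(status) : WEXITSTATUS(status);
}
```

Calling `run_demo(SECCOMP_RET_ERRNO | EPERM)` lets the child continue after the denied call, while `run_demo(SECCOMP_RET_KILL)` ends it with SIGSYS at the same point.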