`/etc/sudoers: syntax error` when running my snap on 22.04 (works fine on 20.04, UC20)


The snap I maintain connects to Launchpad to create issues and upload log information.

We recently discovered that it cannot be used in 22.04: LP#1965236

There seems to be a problem with parsing the /etc/sudoers file from within the snap. The same snap works as expected on 20.04 and Ubuntu Core 20.

Has anything changed in 22.04 with regard to permissions to the sudoers file(s)? What can I do to make sure my snap can still work as expected on 22.04+?

The snapd package seems to be at the same version, no matter 20.04 or 22.04:

snapd version: 2.54.3+20.04.1ubuntu0.2

snapd version: 2.54.3+git26.g360067e+22.04

Thanks in advance,

I changed this to #snapd as it seems that only changes in snapd have triggered this. I do advise thought that your snap should state it only works with devmode by setting confinement: devmode in your snapcraft.yaml.

¡Hola! Thanks for the quick feedback, @sergiusens! I’ll modify the confinment key in my next update.

In the meantime, should I wait for feedback from snapd team? Should I file a bug on Launchpad?

After further investigation, it impacts any snap installed with --devmode. I opened an issue in the snapd project.

The /etc/sudoers comes from the host. The problem is that the syntax of the sudoers file may have changed making it incompatible with old versions of sudo, eg. the one you have in core18, your base snap. I would suggest changing the base to core20, and see if that works. I think it’d be worth identifying which lines of /etc/sudoers are problematic, the error from bug report has:

sudo: parse error in /etc/sudoers near line 54

looking at 22.04 vm in line 54 there’s:

@includedir /etc/sudoers.d

Sudo changelog mentions that @include has been introduced in 1.9.1, while Ubuntu only started shipping sudoers with that syntax since 22.04, see http://changelogs.ubuntu.com/changelogs/pool/main/s/sudo/sudo_1.9.9-1ubuntu2/changelog and https://packages.ubuntu.com/jammy/sudo. Here on Arch and openSUSE, the default file also uses @include, I would guess it’s a similar case on other distros.

So it looks like updating the base to core20 will not address your problem.

I’m also slightly confused why you even call sudo inside the snap ns and not outside? FWIW it’s not allowed by the default profiles, so you won’t be able to run it unless you install in --devmode.