Manual review request: lnav

timothystack · March 13, 2026, 1:48pm

Hello, I’m the author of lnav and it’s snap. A few months ago, the builds keep getting flagged with the following warning:

Found files with executable stack. This adds PROT_EXEC to mmap(2) during mediation which may cause security denials. Either adjust your program to not require an executable stack, strip it with 'execstack --clear-execstack ...' or remove the affected file from your snap. Affected files: usr/bin/lnav functional-snap-v2_execstack What does this mean?

I don’t know what this is talking about. The builds used to work and I made no changes related to an executable stack (as far as I know). Grepping for PROT_EXEC in my code base shows no results.

Can someone give me some guidance here?

Thanks!

store-requests-bot · March 13, 2026, 2:00pm

This request has not been added to the review queue. It should be placed in the appropriate store-requests subcategory using the subcategory template for classic-confinement, privileged-interfaces and aliases requests.

bepri · March 13, 2026, 8:39pm

Just a guess, but maybe you could try running lnav with strace and then check that output (perhaps with lnav, heh) for any instances of PROT_EXEC? I don’t see any obvious reasons for it to appear either, but I guess a compiler, linker, or dependency update all could’ve potentially caused this.

It may also be enough to add something like this to the “build” part of your project file, as the error suggests:

override-build: |
  craftctl default
  execstack --clear-execstack lnav