Small issue with snap debug confinement

So… maybe we need a 2.26.14 now

zyga@fyke:~$ snap version
snap    2.26.13
snapd   2.26.13
series  16
ubuntu  16.04
kernel  4.8.0-58-generic

Because snapd explodes on a particular debug command

zyga@fyke:~$ snap debug confinement
panic: runtime error: slice bounds out of range [recovered]
	panic: runtime error: slice bounds out of range

goroutine 1 [running]:
panic(0x559f8abce320, 0xc82000e130)
	/usr/lib/go-1.6/src/runtime/panic.go:481 +0x3ea
	/build/snapd-O7CRuM/snapd-2.26.13/_build/src/ +0x7b
panic(0x559f8abce320, 0xc82000e130)
	/usr/lib/go-1.6/src/runtime/panic.go:443 +0x4ed*parseState).estimateCommand(0xc82018c5a0, 0x0, 0x0)
	/build/snapd-O7CRuM/snapd-2.26.13/_build/src/ +0x957*Parser).ParseArgs(0xc820015900, 0xc82000a3d0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0)
	/build/snapd-O7CRuM/snapd-2.26.13/_build/src/ +0x932*Parser).Parse(0xc820015900, 0x0, 0x0, 0x0, 0x0, 0x0)
	/build/snapd-O7CRuM/snapd-2.26.13/_build/src/ +0x9d, 0x0)
	/build/snapd-O7CRuM/snapd-2.26.13/_build/src/ +0x4a
	/build/snapd-O7CRuM/snapd-2.26.13/_build/src/ +0x834

Not sure why though, I think this command is tested both by spread and unit tests. I’ll have a look after the raspbian investigation.

So after building master quickly I got even weirder behavior.

  • locally built snap doesn’t crash and outputs nothing (empty string)
  • locally build snapd still crashes package built snap
  • when locally built snapd runs the locally built snap doesn’t crash and prints the right value

I had a look at vendorized go-flags and it seems there’s a bug there (uses array that may be empty) but I cannot reproduce the error with a locally built snapd so my locally fixed vendorized tree is not a useful test.

The fix for this has been merged upstream and I’m working on updating the vendor manifest to sync this in. It should be available in 2.27. The PR is available at

CC @jdstrand this also fixes snap debug get-base-declaration although you need master (edge) builds for this command to actually exist.

This has been fixed entirely now.

1 Like