Sqlite and fchown


#1

I’m snapping geary, which uses sqlite3. This fails under strict confinement because of https://bugs.launchpad.net/snappy/+bug/1612759

This was "it is very high in the queue. Hoping to start on it early next week." back in January. Any updates on this?


#2

@jdstrand Do you have news on this one?


#3

That bug said that sqlite only uses fchown when running as root. OTOH I don’t recall when fchown policy for root was added, but it is in 2.27.6 which is in stable.

For other uses of the chown family of syscalls:

  • the snapcraft preload part handles chown and lchown. It should probably be adjusted to handle fchown
  • there is a PR up for review to change the seccomp denial behavior from kill to EPERM, which should make this less painful
  • I’m actively working on more fully mediating the chown/setuid/setgid families of syscalls that will make this problem go away. This work will include policy that allows chowning and priv dropping to ‘daemon’ as well as the calling user
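
Added example, not part of the original posts and not snapd or snapcraft code: a small C probe that reports which of the outcomes discussed above a process gets from fchown (allowed, denied with an errno such as EPERM, or killed by the seccomp filter). The function name, result codes and probe directory are assumptions made for this example.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical result codes for this example. */
enum { PROBE_ERROR = -1, FCHOWN_OK = 0, FCHOWN_ERRNO = 1, FCHOWN_KILLED = 2 };

/* Calls fchown(fd, euid, egid) on a fresh temp file in a child process, so a
 * seccomp "kill" action terminates the child and not the caller.
 * *detail receives the errno (FCHOWN_ERRNO) or the signal (FCHOWN_KILLED). */
int probe_fchown(const char *dir, int *detail)
{
    char path[4096];
    int n = snprintf(path, sizeof path, "%s/fchown-probe-XXXXXX", dir);
    if (n < 0 || n >= (int)sizeof path) return PROBE_ERROR;
    int fd = mkstemp(path);
    if (fd < 0) return PROBE_ERROR;
    unlink(path);                       /* the open fd is all the probe needs */

    pid_t pid = fork();
    if (pid < 0) { close(fd); return PROBE_ERROR; }
    if (pid == 0)                       /* child: exit 0 if allowed, else errno */
        _exit(fchown(fd, geteuid(), getegid()) == 0 ? 0 : errno);
    close(fd);

    int status;
    if (waitpid(pid, &status, 0) < 0) return PROBE_ERROR;
    if (WIFSIGNALED(status)) { *detail = WTERMSIG(status); return FCHOWN_KILLED; }
    if (WEXITSTATUS(status) != 0) { *detail = WEXITSTATUS(status); return FCHOWN_ERRNO; }
    *detail = 0;
    return FCHOWN_OK;
}

int main(void)
{
    int d = 0;
    switch (probe_fchown("/tmp", &d)) {  /* "/tmp" is an assumed writable dir */
    case FCHOWN_OK:     puts("fchown allowed"); break;
    case FCHOWN_ERRNO:  printf("denied, errno %d%s\n", d, d == EPERM ? " (EPERM)" : ""); break;
    case FCHOWN_KILLED: printf("killed by signal %d%s\n", d, d == SIGSYS ? " (SIGSYS)" : ""); break;
    default:            puts("probe could not run"); return 1;
    }
    return 0;
}
```

Run it both as the calling user and as root inside the confined environment, since the thread notes that sqlite only calls fchown when running as root.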

#4

@sergiusens Can we move on with the snapcraft preload piece as well?


#5

Are you sure it’s that bug? By default SQLite wants to write temp files to /var/tmp/ or something that snaps don’t have access to. If you set SQLITE_TMPDIR to /tmp/ it will fix that problem.


#6

Thanks, I’ll try that!