Sqlite and fchown

kenvandine · October 3, 2017, 2:19pm

I’m snapping geary, which uses sqlite3. This fails under strict confinement because of https://bugs.launchpad.net/snappy/+bug/1612759

This was " it is very high in the queue. Hoping to start on it early next week." back in January. Any updates on this?

niemeyer · October 3, 2017, 3:21pm

@jdstrand Do you have news on this one?

jdstrand · October 3, 2017, 3:41pm

That bug said that sqlite only uses fchown when running as root. OTOH I don’t recall when fchown policy for root was added, but it is in 2.27.6 which is in stable.

For other uses of the chown family of syscalls:

the snapcraft preload part handles chown and lchown. It should probably be adjusted to handle fchown
there is a PR up for review to change the seccomp denial behavior from kill to EPERM, which should make this less painful
I’m actively working on more fully mediating the chown/setuid/setgid families of syscalls that will make this problem go away. This work will include policy that allows chowning and priv dropping to ‘daemon’ as well the calling user

niemeyer · October 3, 2017, 5:16pm

@sergiusens Can we move on with the snapcraft preload piece as well?

mhall119 · October 4, 2017, 3:19pm

Are you sure it’s that bug? By default SQLite wants to write temp files to /var/tmp/ or something that snaps don’t have access to. If you set SQLITE_TMPDIR to /tmp/ it will fix that problem.

kenvandine · October 4, 2017, 7:39pm

Thanks, I’ll try that!