XDG_RUNTIME_DIR is not created on app startup

Bug #1656340 reported by Marco Trevisan (Treviño)
This bug affects 9 people
Affects: snapd; Status: Triaged; Importance: Undecided; Assigned to: Zygmunt Krynicki
Affects: snapd (Ubuntu); Status: Confirmed; Importance: Undecided; Assigned to: Unassigned

Bug Description

Steps to reproduce:
1. Install Ubuntu 16.04 LTS
2. Install test application as Notepadqq - `snap install notepadqq`
3. Try to launch it as root

$ which notepadqq
/snap/bin/notepadqq

$ sudo snap run notepadqq
mkdir: cannot create directory '/run/user/0': Permission denied
No protocol specified
QXcbConnection: Could not connect to display :0.0
Aborted (core dumped)

$ pkexec snap run notepadqq
mkdir: cannot create directory '/run/user/0': Permission denied
QXcbConnection: Could not connect to display
Aborted (core dumped)

$ sudo notepadqq
mkdir: cannot create directory '/run/user/0': Permission denied
No protocol specified
QXcbConnection: Could not connect to display :0.0
Aborted (core dumped)

$ gksudo notepadqq
No protocol specified
QXcbConnection: Could not connect to display :0.0

$ sudo -u www-data notepadqq /var/www/html/index.html
2018/02/25 22:40:11.162682 cmd_run.go:562: WARNING: cannot create user data directory: cannot create "/var/www/snap/notepadqq/115": mkdir /var/www/snap: permission denied
cannot create user data directory: /var/www/snap/notepadqq/115: Read-only file system

Expected results:
user is able to run snap-installed program as root

Expected results:
user is unable to run snap-installed program as root

Note:
first seen on AskUbuntu ( https://askubuntu.com/q/1009698/66509 ).

----

XDG_RUNTIME_DIR is now properly set, but... The dir isn't created by default.
This should be done on launch.

Apps that have this environment variable set expect the path to be there (as normally it is in a location that the user can't edit, /run/user)...

marco@ubuntu-vmware:~:0$ snap run --shell test-snap
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

marco@ubuntu-vmware:/home/marco$ echo $XDG_RUNTIME_DIR
/run/user/1000/snap.qt5-systray
marco@ubuntu-vmware:/home/marco$ ls $XDG_RUNTIME_DIR
ls: cannot access '/run/user/1000/snap.qt5-systray': No such file or directory

affects: snap-confine → snapd
Changed in snapd:
status: New → Confirmed
Zygmunt Krynicki (zyga)
Changed in snapd:
assignee: nobody → Zygmunt Krynicki (zyga)
Jamie Strandboge (jdstrand) wrote :

This bug should definitely be fixed, but note that snaps are allowed to create /run/user/1000/snap.$SNAP_NAME by this rule:

owner /{dev,run}/user/[0-9]*/snap.@{SNAP_NAME}/ rw,

As a workaround for your snap, feel free to (do the equivalent of):

mkdir /run/user/`id -u`/snap."$SNAP_NAME" || true

affects: snapd → snappy
tags: added: snapd-interface
Changed in snappy:
status: Confirmed → Triaged
tags: added: eco-team
tags: removed: snapd-interface
Lucy Llewellyn (lucyllewy) wrote :

This functionality was added in https://github.com/snapcore/snapd/commit/1e3735f630f98df315e11b8d8d58d33b61476f59

and removed again in https://github.com/snapcore/snapd/commit/7ea43f1c74e1e056250359031cb715cb85adb349

I can't find any reference as to why it was removed. The commit message is decidedly absent any information which would help us understand the motivation.

Jamie Strandboge (jdstrand) wrote :

Daniel, there are two things here: XDG_RUNTIME_DIR in terms of the user's session and XDG_RUNTIME_DIR in terms of the snap. The one for the user is supposed to be created by the session manager, but it sometimes isn't. The one for the snap should be created by snappy.

Zygmunt could comment better, but iirc, the reason it was removed is because people didn't like that setup_user_xdg_runtime_dir() was special-casing /run/user/<uid> instead of using generic helpers. Using generic helpers was difficult because different directories are supposed to have different ownership and permissions (in this case, /run/user/uid should be uid:uid 700, but /run/user is 0:0 755, /run 0:0). Unless I'm forgetting some context, I'm still ok with special casing this directory.
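
An added example, not part of the original thread and not snapd's own code: a wrapper-side version of the `mkdir` workaround above that also enforces the ownership and 0700 mode discussed in the comments. The helper name `ensure_snap_runtime_dir` and its arguments are hypothetical, and GNU coreutils `stat` is assumed.

```shell
#!/bin/sh
# Added example: ensure_snap_runtime_dir is a hypothetical helper, not snapd code.
# Assumes GNU coreutils stat, as shipped on Ubuntu.
#
# Usage: ensure_snap_runtime_dir <per-user runtime base> <snap name>
# Prints the directory on success; returns non-zero if it cannot be trusted.
ensure_snap_runtime_dir() {
    esrd_base=$1
    esrd_dir=$1/snap.$2

    # /run/user/<uid> belongs to the session manager; do not create it here.
    if [ ! -d "$esrd_base" ]; then
        echo "runtime base $esrd_base does not exist" >&2
        return 1
    fi

    # Create with 0700 from the start. "Already exists" is checked below.
    mkdir -m 700 "$esrd_dir" 2>/dev/null || true

    # Refuse a symlink or non-directory sitting at that path.
    if [ -L "$esrd_dir" ] || [ ! -d "$esrd_dir" ]; then
        echo "$esrd_dir is not a real directory" >&2
        return 1
    fi

    # The directory must be owned by the calling user.
    if [ "$(stat -c %u "$esrd_dir")" != "$(id -u)" ]; then
        echo "$esrd_dir is not owned by uid $(id -u)" >&2
        return 1
    fi

    # Tighten a pre-existing directory with looser permissions.
    if [ "$(stat -c %a "$esrd_dir")" != "700" ]; then
        chmod 700 "$esrd_dir" || return 1
    fi

    printf '%s\n' "$esrd_dir"
}

# In a snap wrapper the call would be:
#   XDG_RUNTIME_DIR=$(ensure_snap_runtime_dir "/run/user/$(id -u)" "$SNAP_NAME") || exit 1
#
# Constructed demo under a temporary base, so nothing in /run is touched.
demo_base=$(mktemp -d)
ensure_snap_runtime_dir "$demo_base" test-snap
rm -rf "$demo_base"
```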

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in snapd (Ubuntu):
status: New → Confirmed
Norbert (nrbrtx)
tags: added: artful bionic xenial
Norbert (nrbrtx)
description: updated
tags: added: cosmic
removed: artful
Zebediah Boss (zebedee-boss) wrote :

Hi,

I am getting the same thing on Ubuntu-budgie 19.10 nightly build 20190926

zebedee@budgie-2950x:~$ snap version
snap 2.41+19.10.1
snapd 2.41+19.10.1
series 16
ubuntu 19.10
kernel 5.3.0-10-generic
zebedee@budgie-2950x:~$

obs-studio --next is not working and neither is discord

Regards Zeb...

Zebediah Boss (zebedee-boss) wrote :

Hi, additional output from running obs-studio

zebedee@budgie-2950x:~$ sudo snap run obs-studio
[sudo] password for zebedee:
mkdir: cannot create directory '/run/user/0': Permission denied
No protocol specified
Error: unable to open display :0
/snap/obs-studio/697/usr/sbin:/snap/obs-studio/697/usr/bin:/snap/obs-studio/697/sbin:/snap/obs-studio/697/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games
QStandardPaths: XDG_RUNTIME_DIR points to non-existing path '/run/user/0/snap.obs-studio', please create it with 0700 permissions.
No protocol specified
qt.qpa.screen: QXcbConnection: Could not connect to display :0
Could not connect to any X display.
zebedee@budgie-2950x:~$

Ian Johnson (anonymouse67) wrote :

@jdstrand, what is the resolution to this bug and https://bugs.launchpad.net/snap-confine/+bug/1620442?

Is it that snapd should create /run/user/0 on behalf of the snap when it doesn't exist, or is it the case that XDG_RUNTIME_DIR should be set to `/run/user/0/snap.$SNAP_NAME` instead? Or both perhaps?

Norbert (nrbrtx)
tags: removed: cosmic
Michael Vogt (mvo)
affects: snappy → snapd