[squid-dev] To make squid works in snap world.

Eliezer Croitoru eliezer at ngtech.co.il
Wed Mar 15 08:31:12 UTC 2017


+1

How can I reproduce the error?
Is there a bug report open for this issue?

Thanks,
Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il


-----Original Message-----
From: squid-dev [mailto:squid-dev-bounces at lists.squid-cache.org] On Behalf Of Amos Jeffries
Sent: Wednesday, March 15, 2017 6:43 AM
To: squid-dev at lists.squid-cache.org
Subject: Re: [squid-dev] To make squid works in snap world.

On 15/03/2017 3:44 a.m., Gary Wang wrote:
> Hi guys
>     I'm sorry that I'm here so late. :(
>     Generally, regarding the purpose of this MP.
>     
> https://code.launchpad.net/~gary-wzl77/squid/ipc_prefix/+merge/318714
> 
>     I'd like to make squid snap works as a confined 
> <https://snapcraft.io/docs/reference/confinement>snap in snap world. 
> So that we can ship this snap in ubuntu-core.
>     The reason why I need to add compile option to enable to customize 
> IPC prefix at compiling time is that in order to use shared memory in 
> an app which released as a snap package the only allowed file path 
> will be like this  <https://bugs.launchpad.net/snappy/+bug/1653955>(in 
> the following
> namespace)
>  /dev/shm/sem.snap.@{SNAP_NAME}.*
> 
>     Hence in our case, the shared memory file path should be
>     /dev/shm/sem.snap.squid-snap.{random-string}
>     Otherwise, you will get the following error when running the squid 
> in snap world
>     http://paste.ubuntu.com/24175840/
> 

Having looked at this a lot more now I think the patch is based on an incorrect assumption.

You see Squid complaining of /dev/shm Permissions error. Other people getting that error in snap world were using semaphores and fixed it by using snap /dev/shm/sem.* names. So you fixed the /dev/shm naming to match snap semaphore naming.

... but Squid does *not* use semaphores.

Simply making Squid pretend to be doing semaphores to bypass the security is not the right way forward.

The real question is why the permissions error is occurring?

What in snap world is refusing permission?

Amos

_______________________________________________
squid-dev mailing list
squid-dev at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev