sergiusens / snapcraft-preload

Use smart preloading in your snaps to avoid hard coded parts that would fail security.

Cannot write file in /dev/shm #31

Open tsunghanliu opened 5 years ago

tsunghanliu commented 5 years ago

I am using snapcraft-preload on Raspberry Pi 2. The program tried to create files in /dev/shm, but it failed. What I got from strace output:

[pid 31606] open("/dev/shm//aircraft.json.zwvuFj", O_RDWR|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
[pid 31606] open("/dev/shm//status.json.auC2KK", O_RDWR|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)

For other regular files, I can see the redirection works. For instance:

[pid 31606] access("/snap/test-snap/x6/var/snap/test-snap/x6/rbfeeder/rbfeeder.ini", F_OK) = -1 ENOENT (No such file or directory)
[pid 31606] open("/var/snap/test-snap/x6/rbfeeder/rbfeeder.ini", O_RDONLY|O_LARGEFILE) = 4
[pid 31606] fstat64(4, {st_mode=S_IFREG|0644, st_size=204, ...}) = 0

I'm not sure if I missed something. Could anyone please provide some suggestions?

tsunghanliu commented 5 years ago

I found that the program uses mkstemp() to create random filenames. I wrote a tiny test program and the path is still the same. So, the mkstemp series definitely needs an additional mapping.

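#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

int main(void)
{
    char path[64];
    int fd;

    /* mkstemp() replaces the trailing XXXXXX in place with a random suffix. */
    strcpy(path, "/dev/shm/mkstemp-XXXXXX");
    fd = mkstemp(path);
    if (fd < 0)
        perror("mkstemp");

    /* Print the descriptor and the path mkstemp() filled in. */
    printf("fd: %d, path:%s\n", fd, path);

    if (fd >= 0)
        close(fd);

    return 0;
}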