Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Executing a snap binary from the Node snap distribution #663

Open
mortenpi opened this issue May 13, 2018 · 5 comments
Open

Executing a snap binary from the Node snap distribution #663

mortenpi opened this issue May 13, 2018 · 5 comments

Comments

@mortenpi
Copy link

@mortenpi mortenpi commented May 13, 2018

I am running into a strange problem with the snap distribution of Node on Ubuntu 18.04. For some reason the child_process module is not able to exec other snap programs if they are started with the snap binary (including via the /snap/bin symlinks). To reproduce:

  1. Install the hello and node snaps:

    sudo snap install hello
    sudo snap install node --classic --channel=8/stable
  2. Run the hello command with child_process.exec:

    > chp = require("child_process")
    > chp.exec("hello -v", function(x,y,z){console.log(x,y,z);})
    

    With this setup I am getting the following error:

    > { Error: Command failed: hello -v
    
        at ChildProcess.exithandler (child_process.js:282:12)
        at ChildProcess.emit (events.js:182:13)
        at ChildProcess.EventEmitter.emit (domain.js:460:23)
        at maybeClose (internal/child_process.js:957:16)
        at Process.ChildProcess._handle.onexit (internal/child_process.js:246:5) killed: false, code: 1, signal: null, cmd: 'hello -v' } '' ''
    

    instead of seeing

    > null 'Hello, world!\n' ''
    

Additionally:

  • Running non-snap commands seems to work fine (e.g. chp.exec("ls")
  • If you give the full path to the snap binary, it works as expected:
    > chp.exec("/snap/hello/current/bin/hello", function(x,y,z){console.log(x,y,z);})
    > null 'Hello, world!\n' ''
    
  • I tried both v8.11.1 and v11.0.0-nightly2018051220509ebee6 snap distributions -- both have the issue.
  • Everything works as expected with the v8.11.1 64-bit Linux binaries from the Node.js website.

Versions:

$ snap version
snap    2.32.6
snapd   2.32.6
series  16
ubuntu  18.04
kernel  4.15.0-20-generic
@true0r

This comment has been minimized.

Copy link

@true0r true0r commented Apr 17, 2019

I have similar problem. I spent a lot of time reading the code and debugging, figuring out what was happening in one of the npm modules.

$ snap version
snap    2.38+19.04
snapd   2.38+19.04
series  16
ubuntu  19.04
kernel  5.0.0-11-generic

$ node -v
v10.15.3
@ivoanjo

This comment has been minimized.

Copy link

@ivoanjo ivoanjo commented May 26, 2019

I'm having exactly the same problem when using the aws cdk installed via the node snap: whenever it tries to exec() npm to perform some of the operations it uses it fails.

Example output:

anjoivo:~/workspaces/experiments/hellocdk$ cdk ls
[INFO] Scanning for projects...
...
Could not run version check due to error Command failed: npm view aws-cdk version
@xbao

This comment has been minimized.

Copy link

@xbao xbao commented Sep 2, 2019

Ran into this too. Took me a while to figure out it was the snap layer where it was breaking. I don't know how to fix it, here's some more debugging info:

Running

NODE_DEBUG=CHILD_PROCESS node -e 'require("child_process").exec("/snap/bin/hello-world")'

gives:

CHILD_PROCESS 14802: spawn [ '/bin/sh', '-c', '/snap/bin/hello-world' ] { cwd: null,
  env: null,
  gid: undefined,
  uid: undefined,
  shell: true,
  windowsHide: false,
  windowsVerbatimArguments: false }

and generates a bunch of denies in /var/log/syslog:

Sep  2 14:07:02 pop-os kernel: [16630.420153] audit: type=1400 audit(1567390022.342:323): apparmor="DENIED" operation="file_inherit" profile="/snap/core/7396/usr/lib/snapd/snap-confine" pid=15086 comm="snap-confine" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send receive" addr=none peer_addr=none
Sep  2 14:07:02 pop-os kernel: [16630.420155] audit: type=1400 audit(1567390022.342:324): apparmor="DENIED" operation="file_inherit" profile="/snap/core/7396/usr/lib/snapd/snap-confine" pid=15086 comm="snap-confine" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send receive" addr=none peer_addr=none
Sep  2 14:07:02 pop-os kernel: [16630.420157] audit: type=1400 audit(1567390022.342:325): apparmor="DENIED" operation="file_inherit" profile="/snap/core/7396/usr/lib/snapd/snap-confine" pid=15086 comm="snap-confine" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send receive" addr=none peer_addr=none
Sep  2 14:07:02 pop-os kernel: [16630.420991] audit: type=1400 audit(1567390022.342:326): apparmor="DENIED" operation="open" profile="/snap/core/7396/usr/lib/snapd/snap-confine" name="/etc/pop-os/os-release" pid=15086 comm="snap-confine" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Sep  2 14:07:02 pop-os kernel: [16630.422729] audit: type=1400 audit(1567390022.346:327): apparmor="DENIED" operation="file_inherit" profile="snap.hello-world.hello-world" name="/apparmor/.null" pid=15086 comm="snap-exec" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=0
Sep  2 14:07:02 pop-os kernel: [16630.422731] audit: type=1400 audit(1567390022.346:328): apparmor="DENIED" operation="file_inherit" profile="snap.hello-world.hello-world" name="/apparmor/.null" pid=15086 comm="snap-exec" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=0
Sep  2 14:07:02 pop-os kernel: [16630.422732] audit: type=1400 audit(1567390022.346:329): apparmor="DENIED" operation="file_inherit" profile="snap.hello-world.hello-world" name="/apparmor/.null" pid=15086 comm="snap-exec" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=0
Sep  2 14:07:02 pop-os kernel: [16630.423598] audit: type=1400 audit(1567390022.346:330): apparmor="DENIED" operation="open" profile="snap.hello-world.hello-world" name="/etc/pop-os/os-release" pid=15086 comm="snap-exec" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

Running the command that's spawned by node manually works (prints out 'Hello World!') with two denies in /var/log/syslog:

Sep  2 14:08:04 pop-os kernel: [16692.778119] audit: type=1400 audit(1567390084.698:331): apparmor="DENIED" operation="open" profile="/snap/core/7396/usr/lib/snapd/snap-confine" name="/etc/pop-os/os-release" pid=15242 comm="snap-confine" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Sep  2 14:08:04 pop-os kernel: [16692.780559] audit: type=1400 audit(1567390084.702:332): apparmor="DENIED" operation="open" profile="snap.hello-world.hello-world" name="/etc/pop-os/os-release" pid=15242 comm="snap-exec" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

I'm running Node 10.16.1 on Pop!_OS 19.04 (Ubuntu derivative), notes from node info --verbose snap:

notes:               
  private:           false
  confinement:       classic
  devmode:           false
  jailmode:          false
  trymode:           false
  enabled:           true
  broken:            false
  ignore-validation: false
@colonelchlorine

This comment has been minimized.

Copy link

@colonelchlorine colonelchlorine commented Oct 29, 2019

Failing for me as well. Had to opt out of snap and found a way to install an up-to-date version of NodeJS, npm, npx via apt instead.

curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
sudo apt-get install -y nodejs
@jdstrand

This comment has been minimized.

Copy link

@jdstrand jdstrand commented Dec 13, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
6 participants
You can’t perform that action at this time.