Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Executing a snap binary from the Node snap distribution #663

Closed
mortenpi opened this issue May 13, 2018 · 5 comments
Closed

Executing a snap binary from the Node snap distribution #663

mortenpi opened this issue May 13, 2018 · 5 comments

Comments

@mortenpi
Copy link

mortenpi commented May 13, 2018
edited
Loading

I am running into a strange problem with the snap distribution of Node on Ubuntu 18.04. For some reason the child_process module is not able to exec other snap programs if they are started with the snap binary (including via the /snap/bin symlinks). To reproduce:

  1. Install the hello and node snaps:

    sudo snap install hello
sudo snap install node --classic --channel=8/stable

  2. Run the hello command with child_process.exec:

    > chp = require("child_process")
> chp.exec("hello -v", function(x,y,z){console.log(x,y,z);})

    With this setup I am getting the following error:

    > { Error: Command failed: hello -v

    at ChildProcess.exithandler (child_process.js:282:12)
    at ChildProcess.emit (events.js:182:13)
    at ChildProcess.EventEmitter.emit (domain.js:460:23)
    at maybeClose (internal/child_process.js:957:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:246:5) killed: false, code: 1, signal: null, cmd: 'hello -v' } '' ''

    instead of seeing

    > null 'Hello, world!\n' ''

Additionally:

  • Running non-snap commands seems to work fine (e.g. chp.exec("ls")
  • If you give the full path to the snap binary, it works as expected: 
    > chp.exec("/snap/hello/current/bin/hello", function(x,y,z){console.log(x,y,z);})
> null 'Hello, world!\n' ''
  • I tried both v8.11.1 and v11.0.0-nightly2018051220509ebee6 snap distributions -- both have the issue.
  • Everything works as expected with the v8.11.1 64-bit Linux binaries from the Node.js website.

Versions:

$ snap version
snap    2.32.6
snapd   2.32.6
series  16
ubuntu  18.04
kernel  4.15.0-20-generic
@true0r
Copy link

true0r commented Apr 17, 2019

I have similar problem. I spent a lot of time reading the code and debugging, figuring out what was happening in one of the npm modules.

$ snap version
snap    2.38+19.04
snapd   2.38+19.04
series  16
ubuntu  19.04
kernel  5.0.0-11-generic

$ node -v
v10.15.3

@true0r true0r mentioned this issue Apr 17, 2019
Closed
@ivoanjo
Copy link

ivoanjo commented May 26, 2019

I'm having exactly the same problem when using the aws cdk installed via the node snap: whenever it tries to exec() npm to perform some of the operations it uses it fails.

Example output:

anjoivo:~/workspaces/experiments/hellocdk$ cdk ls
[INFO] Scanning for projects...
...
Could not run version check due to error Command failed: npm view aws-cdk version

@marzolfb marzolfb mentioned this issue Jun 16, 2019
Closed
@xbao
Copy link

xbao commented Sep 2, 2019

Ran into this too. Took me a while to figure out it was the snap layer where it was breaking. I don't know how to fix it, here's some more debugging info:

Running

NODE_DEBUG=CHILD_PROCESS node -e 'require("child_process").exec("/snap/bin/hello-world")'

gives:

CHILD_PROCESS 14802: spawn [ '/bin/sh', '-c', '/snap/bin/hello-world' ] { cwd: null,
  env: null,
  gid: undefined,
  uid: undefined,
  shell: true,
  windowsHide: false,
  windowsVerbatimArguments: false }

and generates a bunch of denies in /var/log/syslog:

Sep  2 14:07:02 pop-os kernel: [16630.420153] audit: type=1400 audit(1567390022.342:323): apparmor="DENIED" operation="file_inherit" profile="/snap/core/7396/usr/lib/snapd/snap-confine" pid=15086 comm="snap-confine" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send receive" addr=none peer_addr=none
Sep  2 14:07:02 pop-os kernel: [16630.420155] audit: type=1400 audit(1567390022.342:324): apparmor="DENIED" operation="file_inherit" profile="/snap/core/7396/usr/lib/snapd/snap-confine" pid=15086 comm="snap-confine" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send receive" addr=none peer_addr=none
Sep  2 14:07:02 pop-os kernel: [16630.420157] audit: type=1400 audit(1567390022.342:325): apparmor="DENIED" operation="file_inherit" profile="/snap/core/7396/usr/lib/snapd/snap-confine" pid=15086 comm="snap-confine" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send receive" addr=none peer_addr=none
Sep  2 14:07:02 pop-os kernel: [16630.420991] audit: type=1400 audit(1567390022.342:326): apparmor="DENIED" operation="open" profile="/snap/core/7396/usr/lib/snapd/snap-confine" name="/etc/pop-os/os-release" pid=15086 comm="snap-confine" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Sep  2 14:07:02 pop-os kernel: [16630.422729] audit: type=1400 audit(1567390022.346:327): apparmor="DENIED" operation="file_inherit" profile="snap.hello-world.hello-world" name="/apparmor/.null" pid=15086 comm="snap-exec" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=0
Sep  2 14:07:02 pop-os kernel: [16630.422731] audit: type=1400 audit(1567390022.346:328): apparmor="DENIED" operation="file_inherit" profile="snap.hello-world.hello-world" name="/apparmor/.null" pid=15086 comm="snap-exec" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=0
Sep  2 14:07:02 pop-os kernel: [16630.422732] audit: type=1400 audit(1567390022.346:329): apparmor="DENIED" operation="file_inherit" profile="snap.hello-world.hello-world" name="/apparmor/.null" pid=15086 comm="snap-exec" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=0
Sep  2 14:07:02 pop-os kernel: [16630.423598] audit: type=1400 audit(1567390022.346:330): apparmor="DENIED" operation="open" profile="snap.hello-world.hello-world" name="/etc/pop-os/os-release" pid=15086 comm="snap-exec" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

Running the command that's spawned by node manually works (prints out 'Hello World!') with two denies in /var/log/syslog:

Sep  2 14:08:04 pop-os kernel: [16692.778119] audit: type=1400 audit(1567390084.698:331): apparmor="DENIED" operation="open" profile="/snap/core/7396/usr/lib/snapd/snap-confine" name="/etc/pop-os/os-release" pid=15242 comm="snap-confine" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Sep  2 14:08:04 pop-os kernel: [16692.780559] audit: type=1400 audit(1567390084.702:332): apparmor="DENIED" operation="open" profile="snap.hello-world.hello-world" name="/etc/pop-os/os-release" pid=15242 comm="snap-exec" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

I'm running Node 10.16.1 on Pop!_OS 19.04 (Ubuntu derivative), notes from node info --verbose snap:

notes:               
  private:           false
  confinement:       classic
  devmode:           false
  jailmode:          false
  trymode:           false
  enabled:           true
  broken:            false
  ignore-validation: false

@colonelchlorine
Copy link

Failing for me as well. Had to opt out of snap and found a way to install an up-to-date version of NodeJS, npm, npx via apt instead.

curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
sudo apt-get install -y nodejs

@jdstrand
Copy link

FYI, this seems to be https://bugs.launchpad.net/snapd/+bug/1835805

@golf1052 golf1052 mentioned this issue Jan 3, 2020
Closed
@dim dim mentioned this issue Aug 25, 2020
Closed
@timsueberkrueb timsueberkrueb mentioned this issue Sep 27, 2020
Closed
@jehon jehon mentioned this issue Dec 14, 2020
Closed
@igsu igsu closed this as completed Aug 10, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@mortenpi @colonelchlorine @jdstrand @ivoanjo @true0r @xbao @igsu