cmd/snap-confine: pass uid/gid to initial tmpfs
We mount the tmpfs which will be used as the rootfs of the mount
namespace of the snap without any options. Since at the time we are
running as root (user) but keep the original group of the calling user,
this captures the gid of the user in the mount options.

Pass uid=0,gid=0 explicitly, so that it is not an issue.

Jira: https://warthogs.atlassian.net/browse/SNAPDENG-33380

Signed-off-by: Zygmunt Krynicki <[email protected]>
zyga committed Oct 22, 2024
1 parent 374ca54 commit e2fe8b8
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion cmd/snap-confine/mount-support.c
Expand Up @@ -542,7 +542,7 @@ static void sc_bootstrap_mount_namespace(const struct sc_mount_config *config)
sc_initialize_ns_fstab(config->snap_instance);
// Create a tmpfs on scratch_dir; we'll them mount all the root
// directories of the base snap onto it.
sc_do_mount("none", scratch_dir, "tmpfs", 0, NULL);
sc_do_mount("none", scratch_dir, "tmpfs", 0, "uid=0,gid=0");
sc_replicate_base_rootfs(scratch_dir, config->rootfs_dir,
config->mounts);
} else {
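Review bot: the literal "uid=0,gid=0" passed to sc_do_mount for the scratch_dir tmpfs has no explanation in the code, so the reason for it lives only in the commit message. Extend the comment above the call to say that at this point snap-confine runs as root but with the calling user's group, and that the options set the tmpfs root's ownership to uid 0 and gid 0 regardless of the caller's gid. The same comment has a typo worth fixing while here ("we'll them mount" should read "we'll then mount"). The commit changes only mount-support.c, so consider a regression test that checks the group ownership of the rootfs tmpfs when snap-confine is started by a user whose gid is not 0.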