LTSP 5 is in minimal maintenance mode
The new LTSP is hosted at https://ltsp.github.io

IRC chat logs for #ltsp on irc.freenode.net (webchat)


Channel log from 13 October 2019   (all times are UTC)

04:35kjackal has joined IRC (kjackal!~quassel@2a02:587:3107:2e00:c19f:868:6964:3b1f)
04:55kjackal has left IRC (kjackal!~quassel@2a02:587:3107:2e00:c19f:868:6964:3b1f, Ping timeout: 246 seconds)
05:07kjackal has joined IRC (kjackal!~quassel@2a02:587:3107:2e00:c19f:868:6964:3b1f)
06:53
<alkisg>
ogra: hi there, you're familiar with snaps, right? In the new ltsp, snaps fail to run with "cannot create lock directory /run/snapd/lock: Permission denied", and journalctl then shows apparmor errors
06:53
Do you have a minute to check the logs in http://termbin.com/fdy9 and guide me a bit? Should I file a bug in snapd for this?
07:19ricotz has joined IRC (ricotz!~ricotz@ubuntu/member/ricotz)
07:35woernie has joined IRC (woernie!~werner@p5B296156.dip0.t-ipconnect.de)
08:57yanu has left IRC (yanu!~yanu@178-116-54-5.access.telenet.be, Remote host closed the connection)
09:02ricotz has left IRC (ricotz!~ricotz@ubuntu/member/ricotz, Quit: Leaving)
09:13shored has left IRC (shored!~shored@87-92-122-167.bb.dnainternet.fi, Read error: Connection reset by peer)
09:13shored has joined IRC (shored!~shored@87-92-122-167.bb.dnainternet.fi)
09:39R4F4EL has left IRC (R4F4EL!b1149819@177.20.152.25, Ping timeout: 260 seconds)
10:10yanu has joined IRC (yanu!~yanu@178-116-54-5.access.telenet.be)
10:12
<ogra>
alkisg, are you trying to run a snap on top of an overlayfs based rootfs ? i dont think that works, apparmor cant handle overlayfs
10:12
<alkisg>
ogra: how does it work with live cds?
10:12
<ogra>
completely droping all apparmor rules afaik
10:13
<alkisg>
Hmm, I think it works with ltsp5 too, which doesn't do anything with apparmor afaik...
10:13
<ogra>
but i havent worked on that, no idea how/what it does ... try talking to sil2100 (i doubt he is around on the weekend)
10:13
<alkisg>
OK, thanks a lot; maybe I should file a bug report and we can discuss it there with sil2100...
10:14
<ogra>
my guess would be that there is something in the casper code that puts an apparmor rule in place to turn off all confinement
10:14
<alkisg>
eoan-casper$ grep -r apparmor ==> nothing
10:14
<ogra>
or in snapd itself (i.e. when iot detects it runs on top of a livefs)
10:14
*it
10:14
<alkisg>
I do see code in snap itself that special-cases some things on overlayfs, but I don't understand them
10:15
<ogra>
https://forum.snapcraft.io/t/confined-snaps-dont-work-on-live-images-due-to-apparmor-path-mapping/3767
10:15
perhaps there is a hint in there
10:15
<alkisg>
ogra, if snapd requests special permissions from apparmor, and one disables apparmor, this won't work, right? It'll need "rules to allow"... right?
10:15
E.g. if I run `systemctl mask apparmor`, then snaps won't work at all?
10:16
<ogra>
right, else simply everything woudl be blocked
10:16
<alkisg>
Gotcha. Ty, looking more into it..
10:17
<ogra>
https://github.com/snapcore/snapd/pull/4714
10:17
i think this is the inital patch that adds it
10:18
<alkisg>
Yes I think that's the exact issue; now to read/understand if ltsp can work around it, or if we need to request a change in snapd...
10:19
<ogra>
oh, and are you using a std. ubuntu kernel or something special ?
10:19
<alkisg>
Standard
10:19
<ogra>
good
10:19
<alkisg>
LTSP nowadays doesn't have any line of compiled code
10:19
Just shell and a tiny bit of python
10:20
<ogra>
yeah
10:21
also note that remote mounted homedirs are an issue with snaps (not sure where that stands though, i know zyga in #snappy did some work for nfs home but i dont thinkit is fully done)
10:21
<alkisg>
Ouch
10:21
<ogra>
yeah, apparmor is pretty picky about its filesystems
10:22
sadly
10:23
<alkisg>
Hrm. I think snapd correctly identifies /run/initramfs/ltsp/up, yet apparmor doesn't, and thinks it's just /up
10:23
Οκτ 13 09:36:42 pc01 kernel: audit: type=1400 audit(1570948602.715:324): apparmor="DENIED" operation="open" profile="/snap/core/7917/usr/lib/snapd/snap-confine" name="/up/" pid=3390 comm="snap-confine" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
10:24
name="/up/" there, instead of /run/initramfs/ltsp/up
10:24
<ogra>
might be a bug in snap-confine, also zyga's work
10:25
<alkisg>
I'll file a bug report in launchpad and ask for help there
10:25
Thank you ogra
10:25
<ogra>
i think you should start a forum post since thats actually rather a collection of issues :)
10:25
<alkisg>
Ah ok, forum it is
10:25
<ogra>
in the "snapd" category
10:25
thats the queue they watch i think
10:25
<alkisg>
Nice
10:26
My password is too short?! :P #(*$#(*&
10:27
(signing up to the forum)
10:27
<ogra>
yeah, silly that it doesnt use your LP login
10:27
but the word is "snaps are distro independent, so we dont want to tie it to canonical stuff too much"
10:28
not sure why that must mean "your user experience needs to suck" :P
11:59woernie has left IRC (woernie!~werner@p5B296156.dip0.t-ipconnect.de, Remote host closed the connection)
12:00woernie has joined IRC (woernie!~werner@p5B296156.dip0.t-ipconnect.de)
12:06woernie has left IRC (woernie!~werner@p5B296156.dip0.t-ipconnect.de, Remote host closed the connection)
12:07woernie has joined IRC (woernie!~werner@p5B296156.dip0.t-ipconnect.de)
12:21kjackal has left IRC (kjackal!~quassel@2a02:587:3107:2e00:c19f:868:6964:3b1f, Ping timeout: 246 seconds)
12:41kjackal has joined IRC (kjackal!~quassel@2a02:587:3107:2e00:bc4f:1c14:4954:cd75)
12:55GodFather has joined IRC (GodFather!~rcc@rrcs-24-97-44-238.nys.biz.rr.com)
13:20GodFather has left IRC (GodFather!~rcc@rrcs-24-97-44-238.nys.biz.rr.com, Ping timeout: 240 seconds)
13:36nikoh77 has joined IRC (nikoh77!~nikoh77@host149-141-dynamic.59-82-r.retail.telecomitalia.it)
14:11GodFather has joined IRC (GodFather!~rcc@2600:1000:b045:5053:9857:7419:302c:6fdb)
15:04GodFather has left IRC (GodFather!~rcc@2600:1000:b045:5053:9857:7419:302c:6fdb, Ping timeout: 264 seconds)
15:16GodFather has joined IRC (GodFather!~rcc@10.sub-97-33-125.myvzw.com)
15:27GodFather has left IRC (GodFather!~rcc@10.sub-97-33-125.myvzw.com, Ping timeout: 264 seconds)
15:31Freejack has joined IRC (Freejack!~Freejack@unaffiliated/freejack)
16:52GodFather has joined IRC (GodFather!~rcc@133.sub-97-33-64.myvzw.com)
17:00GodFather has left IRC (GodFather!~rcc@133.sub-97-33-64.myvzw.com, Ping timeout: 240 seconds)
17:56ricotz has joined IRC (ricotz!~ricotz@155.133.203.96)
17:56ricotz has left IRC (ricotz!~ricotz@155.133.203.96, Changing host)
17:56ricotz has joined IRC (ricotz!~ricotz@ubuntu/member/ricotz)
18:47adrianorg has joined IRC (adrianorg!~adrianorg@191.32.100.160)
18:50adrianor1 has left IRC (adrianor1!~adrianorg@179.179.75.64, Ping timeout: 240 seconds)
19:37woernie has left IRC (woernie!~werner@p5B296156.dip0.t-ipconnect.de, Remote host closed the connection)
19:38nikoh77 has left IRC (nikoh77!~nikoh77@host149-141-dynamic.59-82-r.retail.telecomitalia.it, Ping timeout: 268 seconds)
19:42nikoh77 has joined IRC (nikoh77!~nikoh77@host149-141-dynamic.59-82-r.retail.telecomitalia.it)
20:00kjackal has left IRC (kjackal!~quassel@2a02:587:3107:2e00:bc4f:1c14:4954:cd75, Ping timeout: 252 seconds)
20:46
<alkisg>
ogra: snaps now work, by changing only one word!
20:46
mount -t overlay -o "upperdir=$tmpfs/up,lowerdir=$src,workdir=$tmpfs/work" XXXXX "$dst" => XXXXX was overlay and needed to become "$tmpfs"
20:46
It's a signal to snap-confine to find the correct path
21:16
!thin
21:16
<ltsp>
I do not know about 'thin', but I do know about these similar topics: 'thin-clients-bandwidth'
21:16
<alkisg>
!fat
21:16
<ltsp>
I do not know about 'fat', but I do know about these similar topics: 'fatclient-printers', 'epoptes-fat-clients', 'fat-internal-disks', 'fat-passwd', 'fat-sudo', 'fatclients'
21:17
<alkisg>
!thin-clients-bandwidth
21:17
<ltsp>
thin-clients-bandwidth: A small explanation why thin clients can't perform well with video, lots of screen updates etc: https://sourceforge.net/p/ltsp/mailman/message/35694699/
21:19ricotz has left IRC (ricotz!~ricotz@ubuntu/member/ricotz, Quit: Leaving)
21:19
<alkisg>
!learn thin-client-deprecation as The new LTSP doesn't support thin clients (remote Xorg), but it does support low-spec netbooted clients with remote desktop (xfreerdp, x2go etc). Read more in https://github.com/ltsp/community/issues/32
21:19
<ltsp>
The operation succeeded.
21:39adrianor1 has joined IRC (adrianor1!~adrianorg@177.132.218.163)
21:41adrianorg has left IRC (adrianorg!~adrianorg@191.32.100.160, Ping timeout: 265 seconds)
21:48adrianor1 has left IRC (adrianor1!~adrianorg@177.132.218.163, Ping timeout: 240 seconds)
22:09adrianorg has joined IRC (adrianorg!~adrianorg@187.113.245.125)
23:21adrianor1 has joined IRC (adrianor1!~adrianorg@177.156.230.182)
23:22adrianorg has left IRC (adrianorg!~adrianorg@187.113.245.125, Ping timeout: 240 seconds)