Steve: Yes, the sandbox user exists to protect people from bugs in our http protocol handler, ssl libraries, compressors, etc.
Now, why do we have to write a line about that (I'd not call that noisy): First of all, we want scripts/programs using apt to also use sandboxed downloading. Without a warning, they would not know about it. Optimally, they'd download files to a temporary name, verify checksums, and only then rename to the final location.

Second: It also protects against permission issues elsewhere. I hope that we can one day create the files as the normal user, and simply pass an open file descriptor to the workers, that would get rid of permission issues entirely. But that's not very likely to happen in a reasonable future, as sending file descriptors only works via unix sockets and some other fancy stuff we don't use for worker communication.

-- 
https://bugs.launchpad.net/bugs/1522675

Title:
  Warning messages about unsandboxed downloads

Status in apt package in Ubuntu:
  Fix Released
Status in update-notifier package in Ubuntu:
  Confirmed
Status in apt package in Debian:
  Fix Released
Status in synaptic package in Debian:
  New

Bug description:
  Recently we got new versions for synaptic 0.82+build1 & apt 1.1.3, but
  now get that error when installing/upgrading some packages:

  Setting up libc6-dbg:amd64 (2.21-0ubuntu5) ...
  Processing triggers for libc-bin (2.21-0ubuntu5) ...
  W: Can't drop privileges for downloading as file '/root/.synaptic/tmp//tmp_cl' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)

  From nautilus, I'm seeing a /root/ folder locked (x on its icon) and
  the folder is empty (no /.synaptic/ sub-folder or file), so the above
  error.

  oem@u64:~$ ls -l .synaptic
  total 4
  -rw-rw-r-- 1 oem oem 0 Aug 25 11:19 options
  -rw-rw-r-- 1 oem oem 236 Aug 25 11:19 synaptic.conf
  oem@u64:~$ ls -l /var/lib/apt/lists/
  ....
  -rw-r----- 1 root root 0 Sep 20 06:36 lock
  drwx------ 2 _apt root 16384 Sep 24 15:25 partial
  ......
  oem@u64:~$ sudo ls -l /var/lib/update-notifier/package-data-downloads/
  .....
  drwxr-xr-x 2 _apt root 4096 Sep 22 23:33 partial

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: synaptic 0.82+build1
  ProcVersionSignature: Ubuntu 4.3.0-1.10-generic 4.3.0
  Uname: Linux 4.3.0-1-generic x86_64
  NonfreeKernelModules: nvidia
  ApportVersion: 2.19.2-0ubuntu8
  Architecture: amd64
  CurrentDesktop: GNOME
  Date: Fri Dec 4 05:23:25 2015
  SourcePackage: synaptic
  UpgradeStatus: No upgrade log present (probably fresh install)
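
The two ideas in the comment above (download to a temporary name, verify the checksum, then rename; and create the file as the normal user while handing only an open descriptor to the worker over a Unix socket) can be combined in one sketch. This is an added example, not apt's code: `fetch` and `worker` are hypothetical names, the payload stands in for network data, and the child does not actually change user. It assumes Python 3.9+ on a Unix system.

```python
import hashlib
import os
import socket
import tempfile


def worker(sock, payload):
    """Sandboxed side: gets an already-open fd over the Unix socket and writes
    to it, so it needs no permission on the destination directory itself."""
    _, fds, _, _ = socket.recv_fds(sock, 16, 1)
    with os.fdopen(fds[0], "wb") as out:
        out.write(payload)  # stands in for bytes fetched from the network


def fetch(dest, payload, expected_sha256):
    """Create a temporary file as the calling user, let a child fill it via a
    passed descriptor, verify the checksum, and only then rename into place."""
    directory = os.path.dirname(os.path.abspath(dest))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".partial-")
    ours, theirs = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    pid = os.fork()
    if pid == 0:  # child; a real worker would setgid/setuid to the sandbox user here
        status = 1
        try:
            os.close(fd)  # drop the inherited copy: only the passed fd is used
            ours.close()
            worker(theirs, payload)
            status = 0
        finally:
            os._exit(status)
    theirs.close()
    socket.send_fds(ours, [b"F"], [fd])  # SCM_RIGHTS ancillary message
    os.close(fd)
    ours.close()
    _, status = os.waitpid(pid, 0)
    with open(tmp, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    if status != 0 or digest != expected_sha256:
        os.unlink(tmp)  # never expose unverified data under the final name
        return False
    os.replace(tmp, dest)  # atomic rename within the same directory
    return True


if __name__ == "__main__":
    data = b"constructed sample payload\n"
    target = os.path.join(tempfile.mkdtemp(), "sample.bin")
    print(fetch(target, data, hashlib.sha256(data).hexdigest()))
```

Because the temporary file is created with `mkstemp` in the destination directory, the final `os.replace` stays on one filesystem and a failed checksum leaves nothing under the final name.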