** Description changed: [SRU] 2.72: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/2124239 [ Impact ] A fix has been included in Snapd 2.71 so that it copies Kerberos tickets to a path readable in confined snaps, but not for classic snaps, as classic snaps already have access to the whole file system. That is, if the user specifies a custom, unusual path, when running confined snaps, Snapd should warn that it does not know what to do with that, and indeed: - WARNING: will not expose Kerberos tickets' path: Unsupported + WARNING: will not expose Kerberos tickets' path: Unsupported KRB5CCNAME: DIR:/tmp/krb5cc_1000 Snapd 2.71 will however issue a warning both for confined as well as for classic snaps; This is what this bug is set to fix for 2.72: Suppress the warning on classic snaps. [ Test Plan ] 1. Reproduce with snapd snap == 2.71 - Set up a system with Kerberos using DIR credential cache format: ``` export KRB5CCNAME=DIR:/tmp/krb5cc_1000 ``` - Install a classic snap, such as Node.js: ``` snap install node --classic ``` - Run any Node.js application: ``` node --version ``` - Expect: Warning like ``` 2025/08/22 12:10:38.185638 cmd_run.go:1408: WARNING: will not expose Kerberos tickets' path: Unsupported KRB5CCNAME: DIR:/tmp/krb5cc_1000 ``` 2. Prove fixed with snapd snap 2.72 - Repeat above steps - Expect: Node.js should execute without any warnings, as it did in snapd 2.70. + + [ Where problems could occur ] + + The change in is cmd_run.go; This is run at the beginning of a snap's + execution, be it with the explicit 'snap run node' or by just running + 'node' (where node is an example snap). So a regression would most + likely surface right at this starting phase. ---original--- # snapd 2.71 generates Kerberos warnings for DIR: credential cache format ## Summary After upgrading to snapd 2.71 (revision 25202), all snap applications that use Node.js generate Kerberos-related warnings when `KRB5CCNAME` is set to use the DIR: credential cache format. This warning did not appear in snapd 2.70. ## Steps to Reproduce 1. Set up a system with Kerberos using DIR credential cache format: ``` export KRB5CCNAME=DIR:/tmp/krb5cc_1000 ``` 2. Install Node.js via snap: ``` snap install node --classic ``` 3. Run any Node.js application: ``` node --version ``` ## Expected Behavior Node.js should execute without any warnings, as it did in snapd 2.70. ## Actual Behavior Every execution of Node.js (or any snap that uses Node.js) generates the following warning: ``` 2025/08/22 12:10:38.185638 cmd_run.go:1408: WARNING: will not expose Kerberos tickets' path: Unsupported KRB5CCNAME: DIR:/tmp/krb5cc_1000 ``` ## Environment Information - **OS**: Ubuntu 22.04 - **Kernel**: 6.8.0-65-generic - **Problematic snapd version**: 2.71 (revision 25202) - **Working snapd version**: 2.70 (revision 24792) - **Kerberos setup**: `KRB5CCNAME=DIR:/tmp/krb5cc_1000` - **Affected snap**: node 18.20.8 (revision 9971) classic ## Additional Details - The warning appears to originate from `cmd_run.go:1408` in the snapd codebase - The issue affects any application that runs through snap when Kerberos DIR credential cache is configured - The warning is cosmetic but creates noise in logs and user output - Reverting to snapd 2.70 resolves the issue completely ## Workaround Temporarily revert to the previous snapd version: ``` sudo snap revert snapd ``` ## Impact This affects enterprise environments where Kerberos authentication is commonly used with DIR credential cache format, causing unnecessary warning messages in all snap-based applications. ## Timeline The issue was introduced with the automatic snapd update that occurred on 2025-08-22 at approximately 06:48 EDT, when snapd was updated from revision 24792 (2.70) to revision 25202 (2.71).
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2121238 Title: snapd 2.71 (revision 25202) introduced Kerberos credential checking that generates warnings for DIR: format credentials on classic snaps To manage notifications about this bug go to: https://bugs.launchpad.net/snapd/+bug/2121238/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
