Re: content interface, DENIED mounting $SNAP/mydir

Thu, 09 Mar 2017 07:27:31 -0800

I'd like to propose adding a way to declare in snapcraft.yaml that a folder under SNAP_COMMON (or SNAP_DATA) be created if it does not exist.
Even though interface hooks (future) would seem to support this, it seems a common case so a simpler solution seems apt. 


The particular issue it would solve is auto connecting to a content 
interface mount. Currently, one needs to create the SNAP_COMMON/dir 
(into which the content is mounted) *before* connecting the interface, 
and it is hard to do that when the interface is auto-connected.


Cheers,
kyleN


On 03/02/2017 01:33 PM, knitzsche wrote:

Hi,

I am trying to use the wifi-ap content sharing interface.

It is DENIED (see below) when I try to use a $SNAP directory.

It works when I instead use $SNAP_DATA directory for the content
sharing. But, I have to create that directory at run time: I can't
figure out so far how to create (from snapcraft.yaml) an empty dir in
$SNAP_COMMON or $SNAP_DATA at install time. (Knowing this would solve my
problem.)

To auto connect the interface (via a store snap declaration), I suppose
the directory must be present at install time. So  creating the dir at
run time does not seem sufficient for the auto-connect requirement.

Help appreciated.

== Details when trying to use SNAP dir for content sharing:

snapcraft.yaml snippet:

apps:
  wifi-ap:
    command: bin/wifi-ap
    plugs: [control, content]

plugs:
  control:
    interface: content
    content: socket-directory
    target: $SNAP/sockets
parts:
  controldir:
    plugin: dump
    source: .
    prime:
      - sockets

I connect my snap to the interface apparently successfully:
$ sudo snap connect serv:control wifi-ap:control

Verify connection:
$ snap interfaces | grep serv | grep "wifi-ap:"
wifi-ap:control           serv

But the bind mount was DENIED:
Mar 02 18:01:02 localhost.localdomain kernel: audit: type=1400
audit(1488477662.292:350110): apparmor="DENIED" operation="mount"
info="failed srcname match" error=-13
profile="/usr/lib/snapd/snap-confine" name="/snap/serv/x3/sockets/"
pid=11461 comm="snap-confine" srcname="/var/snap/wifi-ap/94/sockets/"
flags="rw, bind"

Both wifi-ap snap and my snap seem to have the required directories:
$ ls /var/snap/wifi-ap/94/sockets/
control
knitzsche@localhost:~$ ls /snap/serv/x3/
bin  command-run.wrapper  command-scan.wrapper  command-wifi-ap.wrapper
meta  snap  sockets

Cheers,
kyleN






--
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft






















					Reply via email to