/snap/bin not in $PATH on desktop
Zygmunt Krynicki
zygmunt.krynicki at canonical.com
Wed Sep 7 14:20:00 UTC 2016
> On 7 Sep 2016, at 13:16, Sylvain Pineau <sylvain.pineau at canonical.com> wrote:
>
> Hello,
>
> I noticed that I was not able to call other snap commands from my own snap on my desktop.
> So I tested what was defined using the hello-world.env command.
>
> On desktop (with ubuntu-core 16.04.1 rev 352)
>
> $ hello-world.env | grep ^PATH=
> PATH=/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
>
> But on a true snappy system (with ubuntu-core 16.04.1 rev 453), I get:
>
> $ hello-world.env | grep ^PATH=
> PATH=/home/ubuntu/bin:/home/ubuntu/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
>
> Is there any reason to not have /snap/bin as part of the $PATH available to snap commands?
Snaps cannot execute other snaps. The PATH difference is caused by how snap-confine behaves when it runs on classic but in general even if you used an absolute path you would not be able to start any other applications from /snap/bin. Allowing this would create an implicit interface (dependency between your snap and some other, perhaps third party, snap).
If you need access to executables that you control you can use the content interface to bind mount another snap into your own snap and execute those commands directly, with the same security profile as the running application.
Best regards
ZK
More information about the Snapcraft
mailing list