Where to save stuff (in snap-agnostic way)

Jamie Strandboge jamie at canonical.com
Mon Feb 6 17:13:43 UTC 2017


On Sat, 2017-02-04 at 12:00 +0100, Luca Dionisi wrote:
> On Sat, Feb 4, 2017 at 11:43 AM, Oliver Grawert <ogra at ubuntu.com> wrote:
> > 
> > hi,
> > Am Freitag, den 03.02.2017, 21:04 +0100 schrieb Luca Dionisi:
> > > 
> > > What is the best place to write (and read) a temporary FIFO file from
> > > a confined snap application?
> > > This is for simple IPC between 2 processes of the same snap.
> > > Before attempting to snap the application I was using a fixed
> > > filename
> > > in /tmp. Admittedly poor solution.
> > > The solution should be usable also with another packaging system.
> > > 
> > well ... in case of snaps /tmp is a private directory that only your
> > snap can access so it is actually a good place for such stuff ...
> It's worse than that, Jim!
> 
> Inside the snap environment I can write files and directories both in
> /tmp and in $XDG_RUNTIME_DIR.
> What I cannot do anywhere is create a FIFO.
> 
> bash-4.3$ mkfifo a
> bash: /usr/bin/mkfifo: Permission denied
> 
> What's the problem here?

See https://github.com/snapcore/snapd/pull/2749 which adds support for mkfifo.

</tldr>

At the lowest levels, mkfifo and mknod are (currently) blocked because they use
the mknod syscall and the mknod syscall can be used to create devices. If we
allowed the use of mknod, a snap could create a device in SNAP_DATA and talk to
the kernel through the device (e.g., raw access to your disk).

The above referenced PR limits how mknod can be used to create regular files,
pipes and sockets but not block and character devices. As such, we are adding
the mknod and mkfifo commands as part of that PR and this should be available
for use in snapd 2.23.

-- 
Jamie Strandboge             | http://www.canonical.com
