Reading /etc

Marco Ceppi marco.ceppi at
Thu Mar 2 02:29:27 UTC 2017

I don't have an answer for you, but wanted to add some color to the
problem. The issue lies within a dependency of the latest version of pip.
Previously they vendored in a small library to do rudimentary distribution
checking. In later versions, they've included the nir0s/distro python
package, which does more aggressive checks against things like /etc and is
hard coded.

I submitted a patch to the distro repo  and it's landed, but it needs
to be pulled into pip and release. Once that's done, UNIXCONFDIR
environment variable could be used to override where to find `/etc`. For my
snap, I ended up moving to classic confinement as it fit better with the
tool (a system utility).


On Wed, Mar 1, 2017 at 9:07 PM Facundo Batista <
facundo.batista at> wrote:

> Hola!
> When calling pip from inside a snap, it (while investigating the system
> it's in) tries to  os.listdir("/etc")  which is
> denied to it:
>         Mar  1 15:44:04 tanquita kernel: [16153.906524] audit: type=1400
> audit(1488393844.939:99): apparmor="DENIED"
>         operation="open" namespace="root//lxd-fadestest_<var-lib-lxd>"
> profile="snap.fades.fades" name="/etc/"
>         pid=10606 comm="python" requested_mask="r" denied_mask="r"
> fsuid=165536 ouid=165536
> Which interface should I add to the snap for it to have read only access
> to /etc?
> Thanks!
> --
> .   Facundo
> .
> Canonical - Online Services
> --
> Snapcraft mailing list
> Snapcraft at
> Modify settings or unsubscribe at:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Snapcraft mailing list