content interface, DENIED mounting $SNAP/mydir
kyle.nitzsche at canonical.com
Thu Mar 9 15:26:50 UTC 2017
I'd like to propose adding a way to declare in snapcraft.yaml that a
folder under SNAP_COMMON (or SNAP_DATA) be created if it does not exist.
Even though interface hooks (future) would seem to support this, it
seems a common case so a simpler solution seems apt.
The particular issue it would solve is auto connecting to a content
interface mount. Currently, one needs to create the SNAP_COMMON/dir
(into which the content is mounted) *before* connecting the interface,
and it is hard to do that when the interface is auto-connected.
On 03/02/2017 01:33 PM, knitzsche wrote:
> I am trying to use the wifi-ap content sharing interface.
> It is DENIED (see below) when I try to use a $SNAP directory.
> It works when I instead use $SNAP_DATA directory for the content
> sharing. But, I have to create that directory at run time: I can't
> figure out so far how to create (from snapcraft.yaml) an empty dir in
> $SNAP_COMMON or $SNAP_DATA at install time. (Knowing this would solve my
> To auto connect the interface (via a store snap declaration), I suppose
> the directory must be present at install time. So creating the dir at
> run time does not seem sufficient for the auto-connect requirement.
> Help appreciated.
> == Details when trying to use SNAP dir for content sharing:
> snapcraft.yaml snippet:
> command: bin/wifi-ap
> plugs: [control, content]
> interface: content
> content: socket-directory
> target: $SNAP/sockets
> plugin: dump
> source: .
> - sockets
> I connect my snap to the interface apparently successfully:
> $ sudo snap connect serv:control wifi-ap:control
> Verify connection:
> $ snap interfaces | grep serv | grep "wifi-ap:"
> wifi-ap:control serv
> But the bind mount was DENIED:
> Mar 02 18:01:02 localhost.localdomain kernel: audit: type=1400
> audit(1488477662.292:350110): apparmor="DENIED" operation="mount"
> info="failed srcname match" error=-13
> profile="/usr/lib/snapd/snap-confine" name="/snap/serv/x3/sockets/"
> pid=11461 comm="snap-confine" srcname="/var/snap/wifi-ap/94/sockets/"
> flags="rw, bind"
> Both wifi-ap snap and my snap seem to have the required directories:
> $ ls /var/snap/wifi-ap/94/sockets/
> knitzsche at localhost:~$ ls /snap/serv/x3/
> bin command-run.wrapper command-scan.wrapper command-wifi-ap.wrapper
> meta snap sockets
More information about the Snapcraft