content interface, DENIED mounting $SNAP/mydir

knitzsche kyle.nitzsche at canonical.com
Thu Mar 9 15:26:50 UTC 2017


I'd like to propose adding a way to declare in snapcraft.yaml that a 
folder under SNAP_COMMON (or SNAP_DATA) be created if it does not exist.

Even though interface hooks (future) would seem to support this, it 
seems a common case so a simpler solution seems apt.

The particular issue it would solve is auto connecting to a content 
interface mount. Currently, one needs to create the SNAP_COMMON/dir 
(into which the content is mounted) *before* connecting the interface, 
and it is hard to do that when the interface is auto-connected.

Cheers,
kyleN


On 03/02/2017 01:33 PM, knitzsche wrote:
> Hi,
>
> I am trying to use the wifi-ap content sharing interface.
>
> It is DENIED (see below) when I try to use a $SNAP directory.
>
> It works when I instead use $SNAP_DATA directory for the content
> sharing. But, I have to create that directory at run time: I can't
> figure out so far how to create (from snapcraft.yaml) an empty dir in
> $SNAP_COMMON or $SNAP_DATA at install time. (Knowing this would solve my
> problem.)
>
> To auto connect the interface (via a store snap declaration), I suppose
> the directory must be present at install time. So creating the dir at
> run time does not seem sufficient for the auto-connect requirement.
>
> Help appreciated.
>
> == Details when trying to use SNAP dir for content sharing:
>
> snapcraft.yaml snippet:
>
> apps:
>   wifi-ap:
>     command: bin/wifi-ap
>     plugs: [control, content]
>
> plugs:
>   control:
>     interface: content
>     content: socket-directory
>     target: $SNAP/sockets
> parts:
>   controldir:
>     plugin: dump
>     source: .
>     prime:
>       - sockets
>
> I connect my snap to the interface apparently successfully:
> $ sudo snap connect serv:control wifi-ap:control
>
> Verify connection:
> $ snap interfaces | grep serv | grep "wifi-ap:"
> wifi-ap:control           serv
>
> But the bind mount was DENIED:
> Mar 02 18:01:02 localhost.localdomain kernel: audit: type=1400
> audit(1488477662.292:350110): apparmor="DENIED" operation="mount"
> info="failed srcname match" error=-13
> profile="/usr/lib/snapd/snap-confine" name="/snap/serv/x3/sockets/"
> pid=11461 comm="snap-confine" srcname="/var/snap/wifi-ap/94/sockets/"
> flags="rw, bind"
>
> Both wifi-ap snap and my snap seem to have the required directories:
> $ ls /var/snap/wifi-ap/94/sockets/
> control
> knitzsche@localhost:~$ ls /snap/serv/x3/
> bin  command-run.wrapper  command-scan.wrapper  command-wifi-ap.wrapper
> meta  snap  sockets
>
> Cheers,
> kyleN
>
>
>
>
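Added example, not part of the original thread: a Python triage helper that parses the AppArmor audit record quoted above and reports which snap directory ($SNAP, $SNAP_DATA or $SNAP_COMMON) the denied mount's source and target fall under. The function names and the path-to-variable mapping (the usual /snap/<name>/<revision> and /var/snap/<name>/... layout) are assumptions of this example.

```python
import re
import shlex

# Record copied from the post above, with the e-mail line wrapping removed.
SAMPLE = (
    'Mar 02 18:01:02 localhost.localdomain kernel: audit: type=1400 '
    'audit(1488477662.292:350110): apparmor="DENIED" operation="mount" '
    'info="failed srcname match" error=-13 '
    'profile="/usr/lib/snapd/snap-confine" name="/snap/serv/x3/sockets/" '
    'pid=11461 comm="snap-confine" srcname="/var/snap/wifi-ap/94/sockets/" '
    'flags="rw, bind"'
)

# Assumed snap path layout -> environment variable the path corresponds to.
SNAP_AREAS = [
    (re.compile(r"^/var/snap/([^/]+)/common(/|$)"), "$SNAP_COMMON"),
    (re.compile(r"^/var/snap/([^/]+)/[^/]+(/|$)"), "$SNAP_DATA"),
    (re.compile(r"^/snap/([^/]+)/[^/]+(/|$)"), "$SNAP"),
]

def parse_audit(line):
    """Return the key=value fields of an AppArmor audit record as a dict."""
    body = line.partition("audit(")[2].partition("): ")[2]
    fields = {}
    for token in shlex.split(body):  # keeps quoted values with spaces intact
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def classify(path):
    """Map a path to (snap name, area), or (None, 'outside snap dirs')."""
    for pattern, area in SNAP_AREAS:
        m = pattern.match(path)
        if m:
            return m.group(1), area
    return None, "outside snap dirs"

def triage(line):
    """Summarise a denied mount record; return None for any other record."""
    f = parse_audit(line)
    if f.get("apparmor") != "DENIED" or f.get("operation") != "mount":
        return None
    return {
        "profile": f.get("profile"),
        "source": classify(f.get("srcname", "")),
        "target": classify(f.get("name", "")),
        "flags": [x.strip() for x in f.get("flags", "").split(",")],
    }
```

For the record in this thread, `triage(SAMPLE)` reports a source under wifi-ap's $SNAP_DATA and a target under serv's $SNAP, matching the `target: $SNAP/sockets` setting in the snippet.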



