content interface, DENIED mounting $SNAP/mydir

knitzsche kyle.nitzsche at
Thu Mar 9 15:26:50 UTC 2017

I'd like to propose adding a way to declare in snapcraft.yaml that a 
folder under SNAP_COMMON (or SNAP_DATA) be created if it does not exist.

Even though interface hooks (future) would seem to support this, it 
seems a common case so a simpler solution seems apt.

The particular issue it would solve is auto connecting to a content 
interface mount. Currently, one needs to create the SNAP_COMMON/dir 
(into which the content is mounted) *before* connecting the interface, 
and it is hard to do that when the interface is auto-connected.


On 03/02/2017 01:33 PM, knitzsche wrote:
> Hi,
> I am trying to use the wifi-ap content sharing interface.
> It is DENIED (see below) when I try to use a $SNAP directory.
> It works when I instead use $SNAP_DATA directory for the content
> sharing. But, I have to create that directory at run time: I can't
> figure out so far how to create (from snapcraft.yaml) an empty dir in
> $SNAP_COMMON or $SNAP_DATA at install time. (Knowing this would solve my
> problem.)
> To auto connect the interface (via a store snap declaration), I suppose
> the directory must be present at install time. So  creating the dir at
> run time does not seem sufficient for the auto-connect requirement.
> Help appreciated.
> == Details when trying to use SNAP dir for content sharing:
> snapcraft.yaml snippet:
> apps:
>   wifi-ap:
>     command: bin/wifi-ap
>     plugs: [control, content]
> plugs:
>   control:
>     interface: content
>     content: socket-directory
>     target: $SNAP/sockets
> parts:
>   controldir:
>     plugin: dump
>     source: .
>     prime:
>       - sockets
> I connect my snap to the interface apparently successfully:
> $ sudo snap connect serv:control wifi-ap:control
> Verify connection:
> $ snap interfaces | grep serv | grep "wifi-ap:"
> wifi-ap:control           serv
> But the bind mount was DENIED:
> Mar 02 18:01:02 localhost.localdomain kernel: audit: type=1400
> audit(1488477662.292:350110): apparmor="DENIED" operation="mount"
> info="failed srcname match" error=-13
> profile="/usr/lib/snapd/snap-confine" name="/snap/serv/x3/sockets/"
> pid=11461 comm="snap-confine" srcname="/var/snap/wifi-ap/94/sockets/"
> flags="rw, bind"
> Both wifi-ap snap and my snap seem to have the required directories:
> $ ls /var/snap/wifi-ap/94/sockets/
> control
> knitzsche at localhost:~$ ls /snap/serv/x3/
> bin  command-run.wrapper  command-scan.wrapper  command-wifi-ap.wrapper
> meta  snap  sockets
> Cheers,
> kyleN

More information about the Snapcraft mailing list