"Snap" question

Fri Dec 11 01:38:24 UTC 2020

At Fri, 11 Dec 2020 00:33:38 +0100 "Ubuntu user technical support,  not for general discussions" <ubuntu-users at lists.ubuntu.com> wrote:

> 
> hi,
> Am Donnerstag, den 10.12.2020, 18:13 -0500 schrieb Robert Heller:
> > I just installed xv under snap using the instructions here:
> > 
> > https://snapcraft.io/install/xv/ubuntu
> > 
> > And I am encountering a "weirdness" (at least to me).  I can only
> > access and 
> > view images that are under $HOME.  Images located elsewhere yield a
> > file not 
> > found error (the files are in fact there and I was able to view them
> > with xv 
> > installed under CentOS 6 (from a standard RPM).
> 
> this is pretty normal behavior for confined snaps, they access the
> outside world of their confinement vi interfaces, typically desktop
> apps have the home interface auto-connected (as you found) that enables
> you to access all iles in ~/ with the exception of any hidden dirs (so
> we can guarantee that a snapped app can not access any information of
> any other app unless you allow it to explicitly)
> 
> often apps also have the removable-media interface available, that
> allows access to /mnt and /media ... so the easiest to give apps access
> to your additional disks would be to mount them there ... 
> 
> one part of file access confinement is managed by the kernels apparmor
> security mechanism, apparmor does not allow you to follow links t
> outside areas of teh defined confinement *but* it allows access to
> mounts, so another option to gain access to your disks is to simply set
> up a bind mount between their mount points and an accessible place
> (/home/mydisk-foo ... /media/mydisk-bar ... )
> 
> 
> > Is there some "magic" to allow xv to view files anywhere on any file
> > system 
> > (permissions permitting)?
> 
> all that above said, the xv snap is clearly only available in the edge
> channel *and* only installable by defining --devmode ...
> 
> the first one here tells you that this snap is not really done yet,
> typically things in edge are under development, untested, buggy etc 
> 
> second, if you install it with the --devmode option (as installing it
> from comandline will suggest to you) you turn off all confinement and
> as such, you should be able to access any place on the filesystem.
> 
> did you use --jailmode instead of -devmode when installing it ?
> 

I used -edge and -devmode.  Was that the mistake?

> ciao
> 	oli
> 

-- 
Robert Heller             -- Cell: 413-658-7953 GV: 978-633-5364
Deepwoods Software        -- Custom Software Services
http://www.deepsoft.com/  -- Linux Administration Services
heller at deepsoft.com       -- Webhosting Services