Where to save stuff (in snap-agnostic way)

Luca Dionisi luca.dionisi at gmail.com
Sat Feb 4 11:14:06 UTC 2017


More in context:

In a classic Ubuntu (but inside a LXD container) I run:
ubuntu@thorough-bear:~$ hello-world.sh

This gives me a bash inside a snap environment.
There I run:
bash-4.3$ mkfifo --help
bash: /usr/bin/mkfifo: Permission denied

If I run dmesg (outside the snap environment) it reports:

[94156.909950] audit: type=1400 audit(1486206367.506:1768): apparmor="DENIED"
   operation="exec"
   namespace="root//lxd-thorough-bear_<var-lib-lxd>"
   profile="snap.hello-world.sh"
   name="/usr/bin/mkfifo"
   pid=7925
   comm="bash"
   requested_mask="x"
   denied_mask="x"
   fsuid=101000
   ouid=100000

[94156.910123] audit: type=1400 audit(1486206367.506:1769): apparmor="DENIED"
   operation="open"
   namespace="root//lxd-thorough-bear_<var-lib-lxd>"
   profile="snap.hello-world.sh"
   name="/usr/bin/mkfifo"
   pid=7925
   comm="bash"
   requested_mask="r"
   denied_mask="r"
   fsuid=101000
   ouid=100000




On Sat, Feb 4, 2017 at 12:02 PM, Luca Dionisi <luca.dionisi at gmail.com> wrote:
> Well, it seems that the problem is the userspace tool itself.
> bash-4.3$ mkfifo --help
> bash: /usr/bin/mkfifo: Permission denied
>
> On Sat, Feb 4, 2017 at 12:00 PM, Luca Dionisi <luca.dionisi at gmail.com> wrote:
>> On Sat, Feb 4, 2017 at 11:43 AM, Oliver Grawert <ogra at ubuntu.com> wrote:
>>> hi,
>>> On Friday, 03.02.2017 at 21:04 +0100, Luca Dionisi wrote:
>>>> What is the best place to write (and read) a temporary FIFO file from
>>>> a confined snap application?
>>>> This is for simple IPC between 2 processes of the same snap.
>>>> Before attempting to snap the application I was using a fixed
>>>> filename
>>>> in /tmp. Admittedly poor solution.
>>>> The solution should be usable also with another packaging system.
>>>>
>>> well ... in case of snaps /tmp is a private directory that only your
>>> snap can access so it is actually a good place for such stuff ...
>>
>> It's worse than that, Jim!
>>
>> Inside the snap environment I can write files and directories both in
>> /tmp and in $XDG_RUNTIME_DIR.
>> What I cannot do anywhere is create a FIFO.
>>
>> bash-4.3$ mkfifo a
>> bash: /usr/bin/mkfifo: Permission denied
>>
>> What's the problem here?
>>
>> To be honest I should say that my tests have been conducted in LXD
>> containers. I don't know if the situation holds true also in real
>> machines.
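
To triage denials like the two quoted from dmesg in the message above, the following added example (not part of the original message) parses AppArmor audit records from kernel log text and groups them by profile and path. The sample input rejoins the two records from the message onto single lines, as the kernel emits them; the third line and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# The two records from the message, rejoined onto single lines, plus one
# constructed unrelated line to show that non-audit lines are skipped.
SAMPLE = '''\
[94156.909950] audit: type=1400 audit(1486206367.506:1768): apparmor="DENIED" operation="exec" namespace="root//lxd-thorough-bear_<var-lib-lxd>" profile="snap.hello-world.sh" name="/usr/bin/mkfifo" pid=7925 comm="bash" requested_mask="x" denied_mask="x" fsuid=101000 ouid=100000
[94156.910123] audit: type=1400 audit(1486206367.506:1769): apparmor="DENIED" operation="open" namespace="root//lxd-thorough-bear_<var-lib-lxd>" profile="snap.hello-world.sh" name="/usr/bin/mkfifo" pid=7925 comm="bash" requested_mask="r" denied_mask="r" fsuid=101000 ouid=100000
[94157.000000] unrelated kernel line (constructed)
'''

HEADER = re.compile(r'audit: type=1400 audit\((?P<ts>[\d.]+):(?P<serial>\d+)\):')
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted value" or key=bare

def parse_denials(text):
    """Return one dict per AppArmor DENIED record found in kernel log text."""
    records = []
    for line in text.splitlines():
        m = HEADER.search(line)
        if not m:
            continue
        # Everything after the audit header is a run of key=value pairs.
        fields = {k: quoted or bare for k, quoted, bare in FIELD.findall(line[m.end():])}
        if fields.get("apparmor") != "DENIED":
            continue
        fields["serial"] = int(m.group("serial"))
        records.append(fields)
    return records

def summarize(records):
    """Group denials by (profile, path); collect operations and denied file permissions."""
    summary = defaultdict(lambda: {"operations": [], "denied": set(), "comms": set()})
    for r in records:
        entry = summary[(r["profile"], r.get("name", "?"))]
        entry["operations"].append(r["operation"])
        entry["denied"].update(r.get("denied_mask", ""))  # file masks: one letter each
        entry["comms"].add(r.get("comm", "?"))
    return dict(summary)

if __name__ == "__main__":
    for (profile, path), e in summarize(parse_denials(SAMPLE)).items():
        print(f'{profile}: {path} denied {"".join(sorted(e["denied"]))} '
              f'for {", ".join(e["operations"])} (comm: {", ".join(sorted(e["comms"]))})')
```

On the sample it reports a single profile/path pair, snap.hello-world.sh and /usr/bin/mkfifo, with both r and x denied to bash.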



