Where to save stuff (in snap-agnostic way)

Luca Dionisi luca.dionisi at gmail.com
Sat Feb 4 11:20:35 UTC 2017


The results are the very same (apart from "namespace") on a real
machine, so the LXD container shouldn't be the cause.

On Sat, Feb 4, 2017 at 12:14 PM, Luca Dionisi <luca.dionisi at gmail.com> wrote:
> More in context:
>
> In a classic Ubuntu (but inside a LXD container) I run:
> ubuntu at thorough-bear:~$ hello-world.sh
>
> This gives me a bash inside a snap environment.
> There I run:
> bash-4.3$ mkfifo --help
> bash: /usr/bin/mkfifo: Permission denied
>
> If I run dmesg (outside the snap environment) it reports:
>
> [94156.909950] audit: type=1400 audit(1486206367.506:1768): apparmor="DENIED"
>    operation="exec"
>    namespace="root//lxd-thorough-bear_<var-lib-lxd>"
>    profile="snap.hello-world.sh"
>    name="/usr/bin/mkfifo"
>    pid=7925
>    comm="bash"
>    requested_mask="x"
>    denied_mask="x"
>    fsuid=101000
>    ouid=100000
>
> [94156.910123] audit: type=1400 audit(1486206367.506:1769): apparmor="DENIED"
>    operation="open"
>    namespace="root//lxd-thorough-bear_<var-lib-lxd>"
>    profile="snap.hello-world.sh"
>    name="/usr/bin/mkfifo"
>    pid=7925
>    comm="bash"
>    requested_mask="r"
>    denied_mask="r"
>    fsuid=101000
>    ouid=100000
>
> On Sat, Feb 4, 2017 at 12:02 PM, Luca Dionisi <luca.dionisi at gmail.com> wrote:
>> Well, it seems that the problem is the userspace tool itself.
>> bash-4.3$ mkfifo --help
>> bash: /usr/bin/mkfifo: Permission denied
>>
>> On Sat, Feb 4, 2017 at 12:00 PM, Luca Dionisi <luca.dionisi at gmail.com> wrote:
>>> On Sat, Feb 4, 2017 at 11:43 AM, Oliver Grawert <ogra at ubuntu.com> wrote:
>>>> hi,
>>>> On Friday, 03.02.2017, at 21:04 +0100, Luca Dionisi wrote:
>>>>> What is the best place to write (and read) a temporary FIFO file from
>>>>> a confined snap application?
>>>>> This is for simple IPC between 2 processes of the same snap.
>>>>> Before attempting to snap the application I was using a fixed filename
>>>>> in /tmp. Admittedly a poor solution.
>>>>> The solution should be usable also with another packaging system.
>>>>>
>>>> well ... in case of snaps /tmp is a private directory that only your
>>>> snap can access so it is actually a good place for such stuff ...
>>>
>>> It's worse than that, Jim!
>>>
>>> Inside the snap environment I can write files and directories both in
>>> /tmp and in $XDG_RUNTIME_DIR.
>>> What I cannot do anywhere is create a FIFO.
>>>
>>> bash-4.3$ mkfifo a
>>> bash: /usr/bin/mkfifo: Permission denied
>>>
>>> What's the problem here?
>>>
>>> To be honest I should say that my tests have been conducted in LXD
>>> containers. I don't know if the situation holds true also in real
>>> machines.
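The AppArmor lines above show the denial is on exec and read of the host binary /usr/bin/mkfifo from inside the snap's profile, not on the FIFO itself. As an added example (not code from the thread or from snapd), the snippet below creates the FIFO with the mkfifo syscall wrapper directly from the application, in a user-private runtime directory, and exchanges a message between two processes of the same program. The directory precedence ($XDG_RUNTIME_DIR, then $TMPDIR, then the interpreter's temp dir) and the file name ipc.fifo are assumptions, not something the thread specifies.

```python
import os
import tempfile


def choose_fifo_dir():
    """Pick a writable, user-private directory for the FIFO.

    Precedence is an assumption: $XDG_RUNTIME_DIR, then $TMPDIR, then the
    interpreter's temp dir (under snap confinement that is the private /tmp).
    """
    for candidate in (os.environ.get("XDG_RUNTIME_DIR"), os.environ.get("TMPDIR")):
        if candidate and os.path.isdir(candidate) and os.access(candidate, os.W_OK):
            return candidate
    return tempfile.gettempdir()


def create_fifo(name="ipc.fifo", directory=None):
    """Create the FIFO via os.mkfifo() (the mkfifo(3) syscall wrapper) instead of
    exec'ing /usr/bin/mkfifo, which is exactly what the AppArmor log denies."""
    directory = directory or choose_fifo_dir()
    path = os.path.join(directory, name)
    if os.path.exists(path):
        os.remove(path)           # stale FIFO from an earlier run
    os.mkfifo(path, 0o600)        # owner-only: IPC between processes of one snap
    return path


def roundtrip(message, directory=None):
    """Fork a writer process, read its message back through the FIFO, and
    return what the reader received; the FIFO is removed afterwards."""
    path = create_fifo(directory=directory)
    try:
        pid = os.fork()
        if pid == 0:                      # child: the writer process
            with open(path, "w") as w:
                w.write(message)
            os._exit(0)
        with open(path) as r:             # parent: open blocks until the writer opens
            data = r.read()
        os.waitpid(pid, 0)
        return data
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(roundtrip("hello from the same snap\n"))
```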