chroot into a snap
Roberto Mier Escandón
roberto.escandon at canonical.com
Wed Feb 8 15:54:10 UTC 2017
Hey engineers,
I need some ideas to solve this: I'm trying to snap collaboraoffice
online but that's not being easy at all. FYI: this is a kind of Google
Drive stuff so that when you request in your browser certain document,
it is rendered and can be edit by many at the same time, etc..
Though I've been able to build from sources a snap package, that is only
working in classic confinement but not in devmode or strict.
The reason is because the way it works:
- There is a server listening for documents requests
- for every new document requested an instance of a document manager is
started in a chrooted environment
- If requested n documents there will be n different chroot jails based
in same certain template
- document manager has certain linux capabilities to create the needed
roots (cap_fowner,cap_mknod,cap_sys_chroot...)
- the way of packaging the snap, currently, is by setting those caps and
call mksquashfs skipping -no-attrs option set by default by snapcraft
I thought about a solution of having server in a snap and document
manager in another, but still there would be needed calling chroot for
every new document... ideas?
BR.
More information about the Snapcraft
mailing list