chroot into a snap
Thomas Voß
thomas.voss at canonical.com
Thu Feb 9 09:32:35 UTC 2017
Hey Roberto,
On Wed, Feb 8, 2017 at 4:54 PM, Roberto Mier Escandón
<roberto.escandon at canonical.com> wrote:
> Hey engineers,
>
> I need some ideas to solve this: I'm trying to snap collaboraoffice
> online but that's not being easy at all. FYI: this is a kind of Google
> Drive stuff so that when you request in your browser certain document,
> it is rendered and can be edit by many at the same time, etc..
>
> Though I've been able to build from sources a snap package, that is only
> working in classic confinement but not in devmode or strict.
>
> The reason is because the way it works:
> - There is a server listening for documents requests
> - for every new document requested an instance of a document manager is
> started in a chrooted environment
> - If requested n documents there will be n different chroot jails based
> in same certain template
> - document manager has certain linux capabilities to create the needed
> roots (cap_fowner,cap_mknod,cap_sys_chroot...)
> - the way of packaging the snap, currently, is by setting those caps and
> call mksquashfs skipping -no-attrs option set by default by snapcraft
>
Could you please elaborate what is not working and how it fails?
System logs, apparmor denials
and seccomp messages would be needed here for further debugging.
What is going wrong in the devmode case?
Thanks,
Thomas
> I thought about a solution of having server in a snap and document
> manager in another, but still there would be needed calling chroot for
> every new document... ideas?
>
> BR.
>
> --
> Snapcraft mailing list
> Snapcraft at lists.snapcraft.io
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
More information about the Snapcraft
mailing list