chroot into a snap

Thomas Voß thomas.voss at canonical.com
Thu Feb 9 13:33:01 UTC 2017 

I think you want:

  https://github.com/snapcore/snapd/blob/master/interfaces/builtin/home.go

Why would you need to access documents in other snaps?

On Thu, Feb 9, 2017 at 2:26 PM, Roberto Mier Escandón 
<roberto.escandon at canonical.com> wrote:
> awsome Thomas!. You got it!. Having the doc in any snap path can be
> rendered.
> So, that answers the point of chroot working ok, but now there is
> another problem: How can I access documents in other snaps? Can content
> interface solve this? (I'll try)
>
> On 09/02/17 14:04, Thomas Voß wrote:
>> On Thu, Feb 9, 2017 at 11:35 AM, Roberto Mier Escandón 
>> <roberto.escandon at canonical.com> wrote:
>>>
>>> Hey Thomas,
>>>
>>> You can find the snap at [1]
>>> Atttached are traces for:
>>>
>>> Devmode:
>>> - service.txt are the logs of the service
>>> - syslog.txt and snappy-debug.security.txt are the logs to see apparmor
>>> denials (warnings in this case). I cannot see more than ptrace ones.
>>>
>>> Classic:
>>> - service.classic.txt
>>> here i don't see any denial
>>>
>>> The only error shown is that the document has not been found. But the
>>> url is the same in classic or devmode, so that's not the reason of the
>>> problem.
>>>
>>
>> Okay, so I don't see the chroot setup failing at all (according to
>> your logs). Where is the document located in the local file system?
>> If your snap works with classic confinement, it might live outside of
>> the snap itself.
>>
>>>
>>> [1] https://github.com/rmescandon/loolwsd-snap
>>>
>>> BR.
>>>
>>> On 09/02/17 10:32, Thomas Voß wrote:
>>>> Hey Roberto,
>>>>
>>>> On Wed, Feb 8, 2017 at 4:54 PM, Roberto Mier Escandón 
>>>> <roberto.escandon at canonical.com> wrote:
>>>>> Hey engineers,
>>>>>
>>>>> I need some ideas to solve this: I'm trying to snap collaboraoffice
>>>>> online but that's not being easy at all. FYI: this is a kind of Google
>>>>> Drive stuff so that when you request in your browser certain document,
>>>>> it is rendered and can be edit by many at the same time, etc..
>>>>>
>>>>> Though I've been able to build from sources a snap package, that is only
>>>>> working in classic confinement but not in devmode or strict.
>>>>>
>>>>> The reason is because the way it works:
>>>>> - There is a server listening for documents requests
>>>>> - for every new document requested an instance of a document manager is
>>>>> started in a chrooted environment
>>>>> - If requested n documents there will be n different chroot jails based
>>>>> in same certain template
>>>>> - document manager has certain linux capabilities to create the needed
>>>>> roots (cap_fowner,cap_mknod,cap_sys_chroot...)
>>>>> - the way of packaging the snap, currently, is by setting those caps and
>>>>> call mksquashfs skipping -no-attrs option set by default by snapcraft
>>>>>
>>>>
>>>> Could you please elaborate what is not working and how it fails?
>>>> System logs, apparmor denials
>>>> and seccomp messages would be needed here for further debugging.
>>>>
>>>> What is going wrong in the devmode case?
>>>>
>>>> Thanks,
>>>>
>>>>   Thomas
>>>>
>>>>> I thought about a solution of having server in a snap and document
>>>>> manager in another, but still there would be needed calling chroot for
>>>>> every new document... ideas?
>>>>>
>>>>> BR.
>>>>>
>>>>> --
>>>>> Snapcraft mailing list
>>>>> Snapcraft at lists.snapcraft.io
>>>>> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
>>>>
>>>
>>> --
>>> Snapcraft mailing list
>>> Snapcraft at lists.snapcraft.io
>>> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
>>>
>>
>
> --
> Snapcraft mailing list
> Snapcraft at lists.snapcraft.io
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft

More information about the Snapcraft mailing list