Re: content interface, DENIED mounting $SNAP/mydir

2017-03-09 Thread knitzsche 
I'd like to propose adding a way to declare in snapcraft.yaml that a 
folder under SNAP_COMMON (or SNAP_DATA) be created if it does not exist.


Even though interface hooks (future) would seem to support this, it 
seems a common case so a simpler solution seems apt.


The particular issue it would solve is auto connecting to a content 
interface mount. Currently, one needs to create the SNAP_COMMON/dir 
(into which the content is mounted) *before* connecting the interface, 
and it is hard to do that when the interface is auto-connected.


Cheers,
kyleN


On 03/02/2017 01:33 PM, knitzsche wrote:

Hi,

I am trying to use the wifi-ap content sharing interface.

It is DENIED (see below) when I try to use a $SNAP directory.

It works when I instead use $SNAP_DATA directory for the content
sharing. But, I have to create that directory at run time: I can't
figure out so far how to create (from snapcraft.yaml) an empty dir in
$SNAP_COMMON or $SNAP_DATA at install time. (Knowing this would solve my
problem.)

To auto connect the interface (via a store snap declaration), I suppose
the directory must be present at install time. So  creating the dir at
run time does not seem sufficient for the auto-connect requirement.

Help appreciated.

== Details when trying to use SNAP dir for content sharing:

snapcraft.yaml snippet:

apps:
  wifi-ap:
command: bin/wifi-ap
plugs: [control, content]

plugs:
  control:
interface: content
content: socket-directory
target: $SNAP/sockets
parts:
  controldir:
plugin: dump
source: .
prime:
  - sockets

I connect my snap to the interface apparently successfully:
$ sudo snap connect serv:control wifi-ap:control

Verify connection:
$ snap interfaces | grep serv | grep "wifi-ap:"
wifi-ap:control   serv

But the bind mount was DENIED:
Mar 02 18:01:02 localhost.localdomain kernel: audit: type=1400
audit(1488477662.292:350110): apparmor="DENIED" operation="mount"
info="failed srcname match" error=-13
profile="/usr/lib/snapd/snap-confine" name="/snap/serv/x3/sockets/"
pid=11461 comm="snap-confine" srcname="/var/snap/wifi-ap/94/sockets/"
flags="rw, bind"

Both wifi-ap snap and my snap seem to have the required directories:
$ ls /var/snap/wifi-ap/94/sockets/
control
knitzsche@localhost:~$ ls /snap/serv/x3/
bin  command-run.wrapper  command-scan.wrapper  command-wifi-ap.wrapper
meta  snap  sockets

Cheers,
kyleN






--
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: content interface, DENIED mounting $SNAP/mydir

2017-03-03 Thread Oliver Grawert 
hi,
Am Donnerstag, den 02.03.2017, 13:33 -0500 schrieb knitzsche:
> 
> It is DENIED (see below) when I try to use a $SNAP directory.

the $SNAP directory is root owned and readonly (it is the mounted
squashfs), the $SNAP_DATA dir is likewise root owned (but indeed
writable). even if you have a dir in either of them serving as
mountpoint and confinement allowed mounting you'd still need sudo for
the command to overcome the filesystem permission blocking...

ciao
oli

signature.asc
Description: This is a digitally signed message part
-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: content interface, DENIED mounting $SNAP/mydir

2017-03-03 Thread Simon Fels 
On 03.03.2017 08:37, XiaoGuo Liu wrote:
> Can we use the configure hook to create the directory at installation?

No, as it runs after the automatic connection of plugs/slots defined in
the snap-declaration.

regards,
Simon


-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: content interface, DENIED mounting $SNAP/mydir

2017-03-03 Thread Roberto Mier Escandón  
Hey Kyle,

If this is of help, you can check how I did it in the case of Collabora
Office snap [1] using Nextcloud [2] docs in write mode. I created the
target folder into "snap/" and then I referred it in
snapcraft.yaml plug skipping "snap" parent, like this:

target: 

though the folder was indeed at $SNAP/snap/


in CODE snapcraft.yaml you'll find
plugs:
  nextcloud-data:
content: nextcloud-documents
default-provider: nextcloud
interface: content
target: nextcloud-data

in Nextcloud .yaml you'll find
slots:
  nextcloud-data:
content: nextcloud-documents
interface: content
write:
 - $SNAP_COMMON/nextcloud/data


Cheers.

[1]
https://github.com/rmescandon/loolwsd-snap/blob/master/snap/snapcraft.yaml
[2]
https://github.com/rmescandon/nextcloud-snap/blob/content-share/snapcraft.yaml

On 02/03/17 19:33, knitzsche wrote:
> Hi,
> 
> I am trying to use the wifi-ap content sharing interface.
> 
> It is DENIED (see below) when I try to use a $SNAP directory.
> 
> It works when I instead use $SNAP_DATA directory for the content
> sharing. But, I have to create that directory at run time: I can't
> figure out so far how to create (from snapcraft.yaml) an empty dir in
> $SNAP_COMMON or $SNAP_DATA at install time. (Knowing this would solve my
> problem.)
> 
> To auto connect the interface (via a store snap declaration), I suppose
> the directory must be present at install time. So  creating the dir at
> run time does not seem sufficient for the auto-connect requirement.
> 
> Help appreciated.
> 
> == Details when trying to use SNAP dir for content sharing:
> 
> snapcraft.yaml snippet:
> 
> apps:
>   wifi-ap:
> command: bin/wifi-ap
> plugs: [control, content]
> 
> plugs:
>   control:
> interface: content
> content: socket-directory
> target: $SNAP/sockets
> parts:
>   controldir:
> plugin: dump
> source: .
> prime:
>   - sockets
> 
> I connect my snap to the interface apparently successfully:
> $ sudo snap connect serv:control wifi-ap:control
> 
> Verify connection:
> $ snap interfaces | grep serv | grep "wifi-ap:"
> wifi-ap:control   serv
> 
> But the bind mount was DENIED:
> Mar 02 18:01:02 localhost.localdomain kernel: audit: type=1400
> audit(1488477662.292:350110): apparmor="DENIED" operation="mount"
> info="failed srcname match" error=-13
> profile="/usr/lib/snapd/snap-confine" name="/snap/serv/x3/sockets/"
> pid=11461 comm="snap-confine" srcname="/var/snap/wifi-ap/94/sockets/"
> flags="rw, bind"
> 
> Both wifi-ap snap and my snap seem to have the required directories:
> $ ls /var/snap/wifi-ap/94/sockets/
> control
> knitzsche@localhost:~$ ls /snap/serv/x3/
> bin  command-run.wrapper  command-scan.wrapper  command-wifi-ap.wrapper
> meta  snap  sockets
> 
> Cheers,
> kyleN
> 
> 
> 
> 

-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: content interface, DENIED mounting $SNAP/mydir

2017-03-02 Thread XiaoGuo Liu 
Can we use the configure hook to create the directory at installation?

On Fri, Mar 3, 2017 at 3:06 PM, Simon Fels  wrote:

> On 03.03.2017 01:06, Michi Henning wrote:
> >
> >> On 3 Mar 2017, at 4:33 , knitzsche  >> > wrote:
> >>
> >> Hi,
> >>
> >> I am trying to use the wifi-ap content sharing interface.
> >>
> >> It is DENIED (see below) when I try to use a $SNAP directory.
> >>
> >> It works when I instead use $SNAP_DATA directory for the content
> >> sharing. But, I have to create that directory at run time: I can't
> >> figure out so far how to create (from snapcraft.yaml) an empty dir in
> >> $SNAP_COMMON or $SNAP_DATA at install time. (Knowing this would solve
> >> my problem.)
> >
> >
> > We do this to create a directory:
> >
> > install: |
> >   # Make sure we have a mount point for ubuntu-app-platform
> >   mkdir -p $SNAPCRAFT_PART_INSTALL/ubuntu-app-platform
>
> That doesn't help much here as we're bind-mounting read/write data and
> that seems to be not possible to go into somewhere below $SNAP.
>
> I fear the only answer to this problem are interface hooks which would
> allow us to create the relevant directory before the bind-mount happens
> inside $SNAP_DATA.
>
> regards,
> Simon
>
>
> --
> Snapcraft mailing list
> Snapcraft@lists.snapcraft.io
> Modify settings or unsubscribe at: https://lists.ubuntu.com/
> mailman/listinfo/snapcraft
>



-- 
XiaoGuo, Liu
-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: content interface, DENIED mounting $SNAP/mydir

2017-03-02 Thread Simon Fels 
On 03.03.2017 01:06, Michi Henning wrote:
> 
>> On 3 Mar 2017, at 4:33 , knitzsche > > wrote:
>>
>> Hi,
>>
>> I am trying to use the wifi-ap content sharing interface.
>>
>> It is DENIED (see below) when I try to use a $SNAP directory.
>>
>> It works when I instead use $SNAP_DATA directory for the content
>> sharing. But, I have to create that directory at run time: I can't
>> figure out so far how to create (from snapcraft.yaml) an empty dir in
>> $SNAP_COMMON or $SNAP_DATA at install time. (Knowing this would solve
>> my problem.)
> 
> 
> We do this to create a directory:
> 
> install: |
>   # Make sure we have a mount point for ubuntu-app-platform
>   mkdir -p $SNAPCRAFT_PART_INSTALL/ubuntu-app-platform

That doesn't help much here as we're bind-mounting read/write data and
that seems to be not possible to go into somewhere below $SNAP.

I fear the only answer to this problem are interface hooks which would
allow us to create the relevant directory before the bind-mount happens
inside $SNAP_DATA.

regards,
Simon


-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: content interface, DENIED mounting $SNAP/mydir

2017-03-02 Thread Michi Henning 

> On 3 Mar 2017, at 4:33 , knitzsche  wrote:
> 
> Hi,
> 
> I am trying to use the wifi-ap content sharing interface.
> 
> It is DENIED (see below) when I try to use a $SNAP directory.
> 
> It works when I instead use $SNAP_DATA directory for the content sharing. 
> But, I have to create that directory at run time: I can't figure out so far 
> how to create (from snapcraft.yaml) an empty dir in $SNAP_COMMON or 
> $SNAP_DATA at install time. (Knowing this would solve my problem.)


We do this to create a directory:

install: |
  # Make sure we have a mount point for ubuntu-app-platform
  mkdir -p $SNAPCRAFT_PART_INSTALL/ubuntu-app-platform

-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

content interface, DENIED mounting $SNAP/mydir

2017-03-02 Thread knitzsche 

Hi,

I am trying to use the wifi-ap content sharing interface.

It is DENIED (see below) when I try to use a $SNAP directory.

It works when I instead use $SNAP_DATA directory for the content 
sharing. But, I have to create that directory at run time: I can't 
figure out so far how to create (from snapcraft.yaml) an empty dir in 
$SNAP_COMMON or $SNAP_DATA at install time. (Knowing this would solve my 
problem.)


To auto connect the interface (via a store snap declaration), I suppose 
the directory must be present at install time. So  creating the dir at 
run time does not seem sufficient for the auto-connect requirement.


Help appreciated.

== Details when trying to use SNAP dir for content sharing:

snapcraft.yaml snippet:

apps:
  wifi-ap:
command: bin/wifi-ap
plugs: [control, content]

plugs:
  control:
interface: content
content: socket-directory
target: $SNAP/sockets
parts:
  controldir:
plugin: dump
source: .
prime:
  - sockets

I connect my snap to the interface apparently successfully:
$ sudo snap connect serv:control wifi-ap:control

Verify connection:
$ snap interfaces | grep serv | grep "wifi-ap:"
wifi-ap:control   serv

But the bind mount was DENIED:
Mar 02 18:01:02 localhost.localdomain kernel: audit: type=1400 
audit(1488477662.292:350110): apparmor="DENIED" operation="mount" 
info="failed srcname match" error=-13 
profile="/usr/lib/snapd/snap-confine" name="/snap/serv/x3/sockets/" 
pid=11461 comm="snap-confine" srcname="/var/snap/wifi-ap/94/sockets/" 
flags="rw, bind"


Both wifi-ap snap and my snap seem to have the required directories:
$ ls /var/snap/wifi-ap/94/sockets/
control
knitzsche@localhost:~$ ls /snap/serv/x3/
bin  command-run.wrapper  command-scan.wrapper  command-wifi-ap.wrapper 
meta  snap  sockets


Cheers,
kyleN




--
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft