The results are the very same (apart from "namespace") on a real machine, so the LXD container shouldn't be the cause.

On Sat, Feb 4, 2017 at 12:14 PM, Luca Dionisi <luca.dion...@gmail.com> wrote:
> More in context:
>
> In a classic Ubuntu (but inside a LXD container) I run:
> ubuntu@thorough-bear:~$ hello-world.sh
>
> This gives me a bash inside a snap environment.
> There I run:
> bash-4.3$ mkfifo --help
> bash: /usr/bin/mkfifo: Permission denied
>
> If I run dmesg (outside the snap environment) it reports:
>
> [94156.909950] audit: type=1400 audit(1486206367.506:1768): apparmor="DENIED"
> operation="exec"
> namespace="root//lxd-thorough-bear_<var-lib-lxd>"
> profile="snap.hello-world.sh"
> name="/usr/bin/mkfifo"
> pid=7925
> comm="bash"
> requested_mask="x"
> denied_mask="x"
> fsuid=101000
> ouid=100000
>
> [94156.910123] audit: type=1400 audit(1486206367.506:1769): apparmor="DENIED"
> operation="open"
> namespace="root//lxd-thorough-bear_<var-lib-lxd>"
> profile="snap.hello-world.sh"
> name="/usr/bin/mkfifo"
> pid=7925
> comm="bash"
> requested_mask="r"
> denied_mask="r"
> fsuid=101000
> ouid=100000
>
> On Sat, Feb 4, 2017 at 12:02 PM, Luca Dionisi <luca.dion...@gmail.com> wrote:
>> Well, it seems that the problem is the userspace tool itself.
>> bash-4.3$ mkfifo --help
>> bash: /usr/bin/mkfifo: Permission denied
>>
>> On Sat, Feb 4, 2017 at 12:00 PM, Luca Dionisi <luca.dion...@gmail.com> wrote:
>>> On Sat, Feb 4, 2017 at 11:43 AM, Oliver Grawert <o...@ubuntu.com> wrote:
>>>> hi,
>>>> On Friday, 03.02.2017, at 21:04 +0100, Luca Dionisi wrote:
>>>>> What is the best place to write (and read) a temporary FIFO file from
>>>>> a confined snap application?
>>>>> This is for simple IPC between 2 processes of the same snap.
>>>>> Before attempting to snap the application I was using a fixed filename
>>>>> in /tmp. Admittedly poor solution.
>>>>> The solution should be usable also with another packaging system.
>>>>>
>>>> well ... in case of snaps /tmp is a private directory that only your
>>>> snap can access so it is actually a good place for such stuff ...
>>>
>>> It's worse than that, Jim!
>>>
>>> Inside the snap environment I can write files and directories both in
>>> /tmp and in $XDG_RUNTIME_DIR.
>>> What I cannot do anywhere is create a FIFO.
>>>
>>> bash-4.3$ mkfifo a
>>> bash: /usr/bin/mkfifo: Permission denied
>>>
>>> What's the problem here?
>>>
>>> To be honest I should say that my tests have been conducted in LXD
>>> containers. I don't know if the situation holds true also in real
>>> machines.
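
Added example, not part of the thread and not snapd or AppArmor code: a small parser that groups AppArmor `DENIED` audit records from dmesg by profile, path and command, so the denied permissions can be read at a glance. The sample input is constructed from the two records quoted above, joined onto single lines; the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: the two denials quoted in the thread, each on one line
# as dmesg prints them, plus one unrelated kernel line that must be ignored.
SAMPLE = '''\
[94156.909950] audit: type=1400 audit(1486206367.506:1768): apparmor="DENIED" operation="exec" namespace="root//lxd-thorough-bear_<var-lib-lxd>" profile="snap.hello-world.sh" name="/usr/bin/mkfifo" pid=7925 comm="bash" requested_mask="x" denied_mask="x" fsuid=101000 ouid=100000
[94156.910123] audit: type=1400 audit(1486206367.506:1769): apparmor="DENIED" operation="open" namespace="root//lxd-thorough-bear_<var-lib-lxd>" profile="snap.hello-world.sh" name="/usr/bin/mkfifo" pid=7925 comm="bash" requested_mask="r" denied_mask="r" fsuid=101000 ouid=100000
[94157.000001] usb 1-1: new high-speed USB device number 4 using xhci_hcd
'''

# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, else None."""
    if 'apparmor="DENIED"' not in line:
        return None
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}


def summarize(log_text):
    """Group denials by (profile, path, comm) with operations and denied masks."""
    summary = defaultdict(lambda: {"operations": set(), "denied": set(), "count": 0})
    for line in log_text.splitlines():
        fields = parse_denial(line)
        if fields is None:
            continue
        key = (fields.get("profile"), fields.get("name"), fields.get("comm"))
        entry = summary[key]
        entry["operations"].add(fields.get("operation"))
        # denied_mask is a string of permission letters, e.g. "x", "r", "rw"
        entry["denied"].update(fields.get("denied_mask", ""))
        entry["count"] += 1
    return dict(summary)


if __name__ == "__main__":
    for (profile, path, comm), e in summarize(SAMPLE).items():
        print(f"{profile}: {comm} denied {''.join(sorted(e['denied']))} on {path} "
              f"({', '.join(sorted(e['operations']))}; {e['count']} records)")
```

On the sample, both records collapse into one entry for `/usr/bin/mkfifo` under profile `snap.hello-world.sh`, with `r` and `x` denied.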