On Sat, 2017-02-04 at 12:00 +0100, Luca Dionisi wrote:
> On Sat, Feb 4, 2017 at 11:43 AM, Oliver Grawert <o...@ubuntu.com> wrote:
> > 
> > hi,
> > On Friday, 03.02.2017 at 21:04 +0100, Luca Dionisi wrote:
> > > 
> > > What is the best place to write (and read) a temporary FIFO file from
> > > a confined snap application?
> > > This is for simple IPC between 2 processes of the same snap.
> > > Before attempting to snap the application I was using a fixed
> > > filename
> > > in /tmp. Admittedly poor solution.
> > > The solution should be usable also with another packaging system.
> > > 
> > well ... in case of snaps /tmp is a private directory that only your
> > snap can access so it is actually a good place for such stuff ...
> It's worse than that, Jim!
> 
> Inside the snap environment I can write files and directories both in
> /tmp and in $XDG_RUNTIME_DIR.
> What I cannot do anywhere is create a FIFO.
> 
> bash-4.3$ mkfifo a
> bash: /usr/bin/mkfifo: Permission denied
> 
> What's the problem here?

See https://github.com/snapcore/snapd/pull/2749 which adds support for mkfifo.

</tldr>

At the lowest levels, mkfifo and mknod are (currently) blocked because they use
the mknod syscall and the mknod syscall can be used to create devices. If we
allowed the use of mknod, a snap could create a device in SNAP_DATA and talk to
the kernel through the device (eg, raw access to your disk).

The above referenced PR limits how mknod can be used to create regular files,
pipes and sockets but not block and character devices. As such, we are adding
the mknod and mkfifo commands as part of that PR and this should be available
for use in snapd 2.23.

-- 
Jamie Strandboge             | http://www.canonical.com
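
The rule described in the message above, modelled in user space as an added example (not part of the original message and not snapd's seccomp code): the file-type bits of the mknod mode argument decide whether a request is a regular file, pipe or socket (allowed) or a block/character device (refused). The names policy_allows_mknod, guarded_mknod and demo_fifo are hypothetical, and the temporary directory under /tmp is an assumption.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Decide from the file-type bits of mode whether a node may be created.
 * mknod(2) treats a zero file type as S_IFREG, so it is allowed as well. */
int policy_allows_mknod(mode_t mode) {
    switch (mode & S_IFMT) {
    case 0:
    case S_IFREG:
    case S_IFIFO:
    case S_IFSOCK:
        return 1;
    default:            /* S_IFCHR, S_IFBLK and anything unknown */
        return 0;
    }
}

/* User-space stand-in for the filter: refuse device nodes with EPERM
 * before the syscall is issued, pass everything else through. */
int guarded_mknod(const char *path, mode_t mode, dev_t dev) {
    if (!policy_allows_mknod(mode)) {
        errno = EPERM;
        return -1;
    }
    return mknod(path, mode, dev);
}

/* Create a FIFO in a private, unpredictable directory instead of a fixed
 * name in /tmp, confirm its type, then clean up. Returns 1 on success. */
int demo_fifo(void) {
    char dir[] = "/tmp/fifo-demo-XXXXXX";   /* constructed sample path */
    char path[64];
    struct stat st;
    int ok = 0;
    if (mkdtemp(dir) == NULL)
        return 0;
    snprintf(path, sizeof path, "%s/ipc", dir);
    if (guarded_mknod(path, S_IFIFO | 0600, 0) == 0 && stat(path, &st) == 0)
        ok = S_ISFIFO(st.st_mode);
    unlink(path);
    rmdir(dir);
    return ok;
}
```
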
