Access to /run/snap.$SNAP_NAME.*

svet · April 13, 2022, 9:59pm

Based on a couple of forum comments, namely here and some log messages here, I’m led to believe that snaps can write to /run/snap.$SNAP_NAME.*. Can anyone confirm this, and is it documented anywhere?

I have a snap that tries to create a directory with a name matching that format, but it gets a Permission denied error. This is under

$ snap version
snap    2.54.4
snapd   2.54.4
series  16
ubuntu  18.04
kernel  4.15.0-156-generic

Any pointers?

mborzecki · April 14, 2022, 6:45am

It’s /run/snap.$SNAP_NAME/, the exact rules are:

  /run/snap.@{SNAP_INSTANCE_NAME}/ rw,
  /run/snap.@{SNAP_INSTANCE_NAME}/** mrwklix,

see https://github.com/snapcore/snapd/blob/a1912d6257bc0ea5001e585cd4022a150e259431/interfaces/apparmor/template.go#L461-L464

svet · April 14, 2022, 8:46am

Thanks for confirming @mborzecki - that works now!