I’ve created a snap of WireGuard’s userspace implementation, which appears to work well in devmode. But after confinement, I get an error as soon as the engine starts up and tries to write to
mkdir /var/run/wireguard: permission denied
This is not surprising of course, as the snap doesn’t have write access to that path. What options to I have to get this to run?
To be clear, the program itself doesn’t appear to have an option flag that would make it save its runtime socket file elsewhere (though I also haven’t looked way too hard). I could patch the codebase of course, but I’d rather look for another solution first.
Specifically, I’ve considered:
- Any interface that would give access to
- Maybe I should set up a layout? (Snap Layouts)
- Some other way I’m missing
Any pointers would be appreciated!