Allow snap to execute a program in /usr/bin

Hi!

My snap needs to run an executable in /usr/bin but I can’t seem to find the right configuration to allow that. My snap is currently configured for strict confinement and has this plug:

plugs:
  pass:
    interface: system-files
    read:
      - /usr/bin/pass
      - /bin/pass

When the snap is installed and the plug connected, the program crashes with ‘no such file or directory’. It doesn’t matter if I try to run the process just by calling pass, relying on $PATH, or if I spell out the path to it. This works fine when the app is run not as a snap.

Any help with this would be much appreciated!
Thanks

Your snap has no access to the host system’s /usr/bin folder. The correct way to do this is to ship the pass executable inside your snap and access it via $SNAP/path/to/pass. If the app is hard-coded to require the executable to reside in /usr/bin then you can use the layout feature to map the file to the right place:

layout:
  /usr/bin/pass:
    bind-file: $SNAP/path/to/pass

Note that your system-files interface will grant privilege, but you’re accessing the wrong path - it would need to be accessed via /var/lib/snapd/hostfs/usr/bin - I’m not sure whether you need to amend the configuration of the system files interface for that path or not. That aside, however, you would require that users manually grant the permission after they’ve installed your app - the store will almost certainly refuse to grant an automatic connection for this access.
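As an added example (not code from either poster), here is a minimal snapcraft.yaml that puts the advice above together: the `pass` Debian package is pulled into the snap with `stage-packages`, which unpacks it to $SNAP/usr/bin/pass, and a layout entry binds that file to /usr/bin/pass inside the snap’s mount namespace so an app that hard-codes the path finds it. No system-files plug is involved, because nothing on the host is read. The snap name `my-app`, the part and app names, the `core22` base, the `./app` source directory and the `bin/my-app` entry point are assumptions for illustration.

```yaml
name: my-app            # assumed name, not from the original thread
base: core22            # assumed base snap
version: '0.1'
summary: Example app that needs the pass executable
description: Added example showing how to ship pass inside a strictly confined snap.
confinement: strict
grade: devel

parts:
  my-app:
    plugin: dump        # assumed: the app itself is just copied into the snap
    source: ./app       # assumed directory holding the app's own files
    stage-packages:
      - pass            # Debian package; its /usr/bin/pass lands at $SNAP/usr/bin/pass

# Make $SNAP/usr/bin/pass visible at the hard-coded path /usr/bin/pass
# inside the snap's mount namespace. The host's /usr/bin is untouched,
# so no system-files plug and no manual connection are needed.
layout:
  /usr/bin/pass:
    bind-file: $SNAP/usr/bin/pass

apps:
  my-app:
    command: bin/my-app   # assumed entry point; sees the layout above at runtime
    plugs:
      - home              # assumed: pass keeps its store under the confined $HOME
```

To check the mapping after `snap install --dangerous my-app_0.1_amd64.snap`, open a shell in the snap’s confinement with `snap run --shell my-app` and run `ls -l /usr/bin/pass`; the file should be present there even though the host has no such file. Note that under strict confinement $HOME is redirected to ~/snap/my-app/current, so pass will create its ~/.password-store there rather than in the user’s real home directory.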