Cannot open removable media with write permissions even with the removable-media plug

I need to write to /dev/sdx which is why I put the removable-media plug in my snapcraft.yaml file.

Yet when I try to open /dev/sdb my app crashes:

thread ‘main’ panicked at ‘Could not open output file.: Os { code: 13, kind: PermissionDenied, message: “Permission denied” }’, src/frontend/mod.rs:206:30
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace

(mod.rs:206)

Note that udisks2 is rightfully returning &output_drive.parent.device = "/dev/sdb" for the device path. I’m failing to open it with write access.

removable-media allows acces to the typical mount points where removable devices get mounted (/media, /mnt), not to the hardware devices themselves …

to access a raw disk device you would need to use the (highly privileged) block-devices interface …

$ snap interface block-devices
name:    block-devices
summary: allows access to disk block devices
slots:
  - core
$

being highly privileged, note that you will need to ask for permission for this interface if you want to upload a snap using it into the global store (the snap will be held during upload and you will have to open a forum topic with a store-request to get permission granted) …

1 Like

Unfortunately, even with this, the error persists.

name: nixwriter
...
parts:
  nixwriter:
    source: "."
    plugin: rust
    build-packages:
      - libgtk-3-dev
  
apps:
  nixwriter:
    command: bin/nixwriter
    extensions: [gnome-3-28]

    plugs:
      - desktop
      - desktop-legacy
      - x11
      - wayland
      - udisks2
      - removable-media
      - block-devices

(looks like another bug popped up too, there are now multiple entries of mounted media).

note that interfaces will not change any permissions of the device nodes … you will need to run the app with sudo to allow it access to the device …

1 Like

In such a case, I need to always launch the app with root privileges. I tried specifying Exec = pkexec nixwriter in the .desktop file but it fails. How does one launch a non-terminal snap app with root privilages?


I think this is a bug. For the .desktop file under my gui folder below:

[Desktop Entry]
Type=Application
Name=Nixwriter (Snap)
Comment=Create bootable Linux images with dd and from a GTK user interface
Terminal=false
Icon=${SNAP}/meta/gui/nixwriter.png
Exec=pkexec nixwriter
Category=Utility;

The generated desktop file is:

[Desktop Entry]
X-SnapInstanceName=nixwriter
Type=Application
Name=Nixwriter (Snap)
Comment=Create bootable Linux images with dd and from a GTK user interface
Terminal=false
Icon=/var/lib/snapd/snap/nixwriter/x5/meta/gui/nixwriter.png

Which is missing the Exec field.

this smells like a snapcraft bug …

I don’t think it has anything to do with Snapcraft: this looks like snapd ignoring the Exec line because “pkexec” is not a command provided by the snap.

1 Like