I am trying to create a snap which will create a TUN interface. I used the debug tools provided:
- sudo snap install snappy-debug
- sudo snap connect snappy-debug:log-observe
- sudo /snap/bin/snappy-debug.security scanlog
One particular message caught my eye (one time only) which was:
= AppArmor =
Time: Apr 8 12:42:29
Log: apparmor="ALLOWED" operation="capable" info="optional: no audit" error=-1 profile="snap.dovholuk.tunThing" pid=7224 comm="tunThing" capability=12 capname="net_admin"
Capability: net_admin
Suggestions:
* adjust program to not require 'CAP_NET_ADMIN' (see 'man 7 capabilities')
* add one of 'bluetooth-control, firewall-control, netlink-audit, netlink-connector, network-control' to 'plugs'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing (https://launchpad.net/bugs/1465724)
I started by adding only network-control, but when that didn't work I went whole-hog and issued all the plugs listed: "bluetooth-control, firewall-control, netlink-audit, netlink-connector, network-control" JUST to see if one of them worked - and which one contained the magical capability I needed… None of them seem to provide this capability. The referenced bug at https://bugs.launchpad.net/snappy/+bug/1465724 is marked as resolved but it's not exactly the same scenario as what we're up to.
Any pointers/thoughts/tips/tricks are appreciated. Thanks for your time
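
An added example, not part of the original post and not snappy-debug's own code: a small Python parser for AppArmor audit records like the one quoted above, grouping requested capabilities per profile by verdict. AppArmor logs `ALLOWED` when the profile is in complain mode (the access is permitted and only logged) and `DENIED` when the profile is enforced. The function names and the second and third sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# key=value pairs; a value is either double-quoted or a bare token
_FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_record(line):
    """Return the key/value fields of one AppArmor audit record, or None."""
    fields = {}
    for key, raw in _FIELD.findall(line):
        fields[key] = raw[1:-1] if raw.startswith('"') else raw
    return fields if "apparmor" in fields else None

def capability_report(lines):
    """Group capability requests by profile and by ALLOWED/DENIED verdict."""
    report = defaultdict(lambda: {"ALLOWED": set(), "DENIED": set()})
    for line in lines:
        rec = parse_record(line)
        if not rec or rec.get("operation") != "capable":
            continue  # not an AppArmor record, or not a capability check
        verdict = rec["apparmor"]
        if verdict not in ("ALLOWED", "DENIED"):
            continue
        # fall back to the numeric capability if capname is missing
        cap = rec.get("capname") or "cap#" + rec.get("capability", "?")
        report[rec.get("profile", "<unknown>")][verdict].add(cap)
    return {p: {v: sorted(c) for v, c in d.items()} for p, d in report.items()}

SAMPLE = [
    # record quoted in the post
    'apparmor="ALLOWED" operation="capable" info="optional: no audit" '
    'error=-1 profile="snap.dovholuk.tunThing" pid=7224 comm="tunThing" '
    'capability=12 capname="net_admin"',
    # constructed: an enforced profile being refused a capability
    'apparmor="DENIED" operation="capable" profile="snap.example.daemon" '
    'pid=100 comm="daemon" capability=21 capname="sys_admin"',
    # constructed: a file-access record, ignored by capability_report
    'apparmor="DENIED" operation="open" profile="snap.example.daemon" '
    'name="/etc/example.conf" pid=100 comm="daemon" requested_mask="r"',
]

if __name__ == "__main__":
    for profile, verdicts in capability_report(SAMPLE).items():
        print(profile, verdicts)
```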