To make the review of your request easier, please use the following template to provide all the required details and also include any other information that may be relevant.
- name: grafito
- description: Grafito is a simple, self-contained web-based log viewer for journalctl. It provides an intuitive interface to browse and filter system logs directly from your web browser.
- snapcraft: URL pointing to the snapcraft.yaml if publicly available
- upstream: URL pointing to the upstream repository, if open-source. Otherwise, ‘PRIVATE’
- upstream-relation: I’m a grafito user who would love a better way to install it.
- supported-category: tools for local (?)
- reasoning: As far as I understand there is no interface that let run
systemctl list-units
. Without classic confinement this application can’t executesystemctl list-units
.
This is the log I see when I run it without classic confinement:
$ grafito
2025-06-06T14:08:20.024732Z INFO - grafito: Starting Grafito server on 127.0.0.1:3000
2025-06-06T14:08:20.024733Z WARN - grafito: Basic Authentication is DISABLED. To enable, set GRAFITO_AUTH_USER and GRAFITO_AUTH_PASS environment variables.
2025-06-06T14:08:20.024837Z INFO - kemal: [development] Kemal is ready to lead at http://127.0.0.1:3000
2025-06-06T14:08:26.221941Z INFO - kemal: 200 GET /?priority=5&col-visible-timestamp=on&col-visible-hostname=on&col-visible-unit=on&col-visible-priority=on&col-visible-message=on 1.37ms
2025-06-06T14:08:26.246603Z DEBUG - grafito: Received /services request
2025-06-06T14:08:26.246603Z DEBUG - journalctl: Executing Journalctl.known_service_units
2025-06-06T14:08:26.246618Z DEBUG - journalctl: Generated systemctl command: ["systemctl", "list-units", "--type=service", "--all", "--no-legend", "--plain"]
2025-06-06T14:08:26.247327Z ERROR - journalctl: Error executing systemctl for known_service_units.
Error executing process: 'systemctl': Permission denied (File::AccessDeniedError)
from /snap/grafito/x1/bin/grafito in '??'
from /snap/grafito/x1/bin/grafito in '??'
from /snap/grafito/x1/bin/grafito in '??'
from /snap/grafito/x1/bin/grafito in '??'
from /snap/grafito/x1/bin/grafito in '??'
from /snap/grafito/x1/bin/grafito in '??'
from /snap/grafito/x1/bin/grafito in '??'
from /snap/grafito/x1/bin/grafito in '??'
from /snap/grafito/x1/bin/grafito in '??'
from /snap/grafito/x1/bin/grafito in '??'
from /snap/grafito/x1/bin/grafito in '??'
from /snap/grafito/x1/bin/grafito in '??'
from ???
2025-06-06T14:08:26.247346Z INFO - kemal: 500 GET /services 767.84µs
2025-06-06T14:08:26.251502Z DEBUG - grafito: Received /logs request with query params: URI::Params{"q" => [""], "unit" => [""], "tag" => [""], "hostname" => [""], "since" => [""], "priority" => ["5"], "col-visible-timestamp" => ["on"], "col-visible-hostname" => ["on"], "col-visible-unit" => ["on"], "col-visible-priority" => ["on"], "col-visible-message" => ["on"]}
I understand that strict confinement is generally preferred over classic.
I’ve tried the existing interfaces to make the snap to work under strict confinement.
Note that snappy-debug can be used to identify possible required interfaces. See https://snapcraft.io/docs/debug-snaps for more information.