Classic confinement for ovs-stat

Hi, I would like to publish a snap that I am working on that needs read access to all areas of the system including multiple file systems at different mountpoints as well as Openvswitch data and write the results to whatever location the user chooses on the local filesystem. In order to do this I would like to publish this snap as classic.

I’ve added the removable-media interface which will hopefully solve the problem of accessing remote filesystems (at least from /mnt or /media). I neglected to mention that the tool also needs to run commands like ‘ip netns list’, ‘ip link show’ and ps. The main blocker to not using classic still remains the need to read arbitrary data from openvswitch.

We spoke in person, but ‘access to files from anywhere’ isn’t quite specific enough. Can you describe why home and removable-media are not sufficient (with some specific examples)?

As for the ip commands, the network-control interface should give you what you need.

Hi jdstrand, sure thing. When running on a system where the information I am after is not available in files under $HOME (e.g. when I am running against data captured by sosreport) I need to go get the live data from openvswitch. To do this I use the ovs client tools such as ovs-ofctl and ovs-vsctl which will query the ovs database for information.

I tried adding more interfaces and running in strict mode but can't get it to work:

root@snaptest:~# snap connections
Interface        Plug                      Slot              Notes
home             ovs-stat:home             :home             -
network-control  ovs-stat:network-control  :network-control  manual
openvswitch      ovs-stat:openvswitch      :openvswitch      manual
removable-media  ovs-stat:removable-media  :removable-media  manual
root@snaptest:~# ovs-stat| grep denied
Creating dataset…ERROR: unable to load bridge flows: ovs-ofctl: /var/run/openvswitch/br-data.mgmt: failed to open socket (Permission denied)
ovs-ofctl: /var/run/openvswitch/br-ex.mgmt: failed to open socket (Permission denied)
ovs-ofctl: /var/run/openvswitch/br-int.mgmt: failed to open socket (Permission denied)
ovs-ofctl: /var/run/openvswitch/br-tun.mgmt: failed to open socket (Permission denied)
ERROR: unable to load bridge ports: ovs-ofctl: /var/run/openvswitch/br-data.mgmt: failed to open socket (Permission denied)
ovs-ofctl: /var/run/openvswitch/br-ex.mgmt: failed to open socket (Permission denied)
ovs-ofctl: /var/run/openvswitch/br-int.mgmt: failed to open socket (Permission denied)
ovs-ofctl: /var/run/openvswitch/br-tun.mgmt: failed to open socket (Permission denied)

This openvswitch interface allows access to /run/openvswitch/db.sock. It seems like there are additional sockets that should be allowed. Can you provide a link to relevant documentation and we can update the interface?
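Working out which extra sockets an interface needs usually starts from the kernel's AppArmor audit lines (journalctl -k or dmesg) rather than from the application's "Permission denied" message, because the audit line names the exact path and access mode that was refused. The script below is an added example, not code from this thread or from snapd: it parses audit lines of that shape, keeps only DENIED entries for the snap's profile, and proposes AppArmor file rules in the style snapd's interface policies use, collapsing sibling sockets under one directory into a single glob. The sample log lines are constructed for this example (they are not real logs from the poster's system), the profile name snap.ovs-stat.ovs-stat follows the snap.<snap>.<app> convention, and the paths are written as /run/openvswitch on the assumption that /var/run is a symlink to /run and the kernel logs the resolved path.

```python
import re
from collections import defaultdict

# Constructed sample of kernel audit lines, shaped like what `journalctl -k`
# or `dmesg` shows when a strictly confined snap is denied access. These are
# NOT logs from the thread; they are made up to mirror the ovs-ofctl
# "failed to open socket (Permission denied)" errors above. The ALLOWED line
# is what a profile in complain mode would emit, included to show filtering.
SAMPLE_LOG = """\
audit: type=1400 audit(1570000000.123:45): apparmor="DENIED" operation="connect" profile="snap.ovs-stat.ovs-stat" name="/run/openvswitch/br-data.mgmt" pid=4242 comm="ovs-ofctl" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
audit: type=1400 audit(1570000000.124:46): apparmor="DENIED" operation="connect" profile="snap.ovs-stat.ovs-stat" name="/run/openvswitch/br-int.mgmt" pid=4242 comm="ovs-ofctl" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
audit: type=1400 audit(1570000000.125:47): apparmor="DENIED" operation="connect" profile="snap.ovs-stat.ovs-stat" name="/run/openvswitch/br-int.mgmt" pid=4243 comm="ovs-ofctl" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
audit: type=1400 audit(1570000000.126:48): apparmor="ALLOWED" operation="open" profile="snap.ovs-stat.ovs-stat" name="/run/openvswitch/db.sock" pid=4244 comm="ovs-vsctl" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
audit: type=1400 audit(1570000000.127:49): apparmor="DENIED" operation="open" profile="snap.other.other" name="/etc/shadow" pid=5000 comm="cat" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

# AppArmor audit lines are a flat list of key="value" pairs.
KV_RE = re.compile(r'(\w+)="([^"]*)"')

# Permission letters we translate into file-rule permissions; anything else
# (e.g. "c" for create) is dropped so the suggested rule stays minimal.
PERM_ORDER = "rwkml"


def parse_apparmor_line(line):
    """Return the key/value fields of one AppArmor audit line, or None."""
    if 'apparmor="' not in line:
        return None
    return dict(KV_RE.findall(line))


def denied_paths(log_text, profile=None):
    """Map each denied path to the set of (operation, denied_mask, comm).

    Only apparmor="DENIED" entries count; ALLOWED (complain-mode) and
    unrelated lines are ignored. If `profile` is given, other profiles'
    denials are ignored too, so one snap's needs are not mixed with another's.
    """
    result = defaultdict(set)
    for line in log_text.splitlines():
        fields = parse_apparmor_line(line)
        if not fields or fields.get("apparmor") != "DENIED":
            continue
        if profile and fields.get("profile") != profile:
            continue
        name = fields.get("name")
        if not name:
            continue
        result[name].add((fields.get("operation"),
                          fields.get("denied_mask"),
                          fields.get("comm")))
    return dict(result)


def suggest_apparmor_rules(denials):
    """Turn denied paths into AppArmor file rules (e.g. "/run/x/*.mgmt rw,").

    Paths sharing a directory and extension are collapsed into one glob when
    more than one was seen, which is how a per-bridge socket family is
    normally expressed in an interface policy. The output is a starting point
    for review, not something to paste into a profile blindly.
    """
    perms = defaultdict(set)   # (dir, ext) -> permission letters needed
    names = defaultdict(set)   # (dir, ext) -> basenames seen
    for path, entries in denials.items():
        directory, base = path.rsplit("/", 1)
        ext = base.rsplit(".", 1)[1] if "." in base else ""
        key = (directory, ext)
        names[key].add(base)
        for _op, mask, _comm in entries:
            perms[key].update(c for c in (mask or "") if c in PERM_ORDER)

    rules = []
    for key in sorted(names):
        directory, ext = key
        perm = "".join(c for c in PERM_ORDER if c in perms[key])
        if len(names[key]) > 1 and ext:
            rules.append(f"{directory}/*.{ext} {perm},")
        else:
            for base in sorted(names[key]):
                rules.append(f"{directory}/{base} {perm},")
    return rules


if __name__ == "__main__":
    # Usage on a real host: journalctl -k | python3 this_script.py
    # (replace SAMPLE_LOG with sys.stdin.read()). Here we use the sample.
    denials = denied_paths(SAMPLE_LOG, profile="snap.ovs-stat.ovs-stat")
    for path, entries in sorted(denials.items()):
        print(path, sorted(entries))
    for rule in suggest_apparmor_rules(denials):
        print(rule)
```

On a host where the snap is installed, the same information can be gathered with the snappy-debug snap while reproducing the failure; the point of the script is to make the mapping from a denial to a candidate policy line explicit and to dedupe the many per-bridge sockets into one rule before proposing an interface change.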

Hi jdstrand, I’m not using anything different to what the standard tools are using, i.e. I am simply running commands like ovs-vsctl show and ovs-ofctl dump-flows, so will therefore be using the default ovs socket. I would therefore expect the openvswitch interface to work for my use case but it does not appear to do so.

I’ve raised a pull request to get the necessary sockets added to the openvswitch interface - https://github.com/snapcore/snapd/pull/7532

All good, managed to get it all working and released to stable [1]. Thanks for the help.