Classic confinement or...?

Hello, new to snaps. I am trying to get a snap to build on snapcraft.io. I have been trying every which way for the past little while to get strict confinement working. This snap creates both a Qt and Electron wallet for a crypto coin: https://build.snapcraft.io/user/wagerr-ckti/wagerr (not its final location but a testbed). The compile builds the C++ code and Qt wallet, then builds an Electron wallet that uses the compiled binaries. The Qt side of it works without a problem, as do the CLI binaries. I am getting the following error in snappy-debug when running the Electron app.

= AppArmor =
Time: Oct 15 18:59:09
Log: apparmor="DENIED" operation="open" profile="snap.wagerr-ckti.electron" name="/proc/3857/setgroups" pid=3857 comm="wagerr-electron" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
File: /proc/3857/setgroups (write)
Suggestion:

  • adjust program to not access '@{PROC}/@{pid}/setgroups'

The snap also needs to have mode 4755 set on the file “chrome-sandbox”, which doesn’t work in the Snapcraft store. I have tried various plugs to get this to work, as well as the snapcraft-preload module and various ways to build the Electron part of the app — but no joy so far. Can someone point me in the right direction? Is classic confinement the only way forward? Or is there an exhaustive list of interfaces/plugs somewhere that I can try?
I’m willing to try anything at this point, can send exhaustive logging if needed &c.

<update> Using --no-sandbox runs the Electron wallet (with no graphics atm); it runs the binaries properly now (system-observe plug seems to sort out a few snappy-debug messages) … now to get the graphics to load inside the window

<new update> Got the app snapping standalone with strict and running with all graphics, just need to get it running in the integrated snap

<final update>
Got it working in the end by going backwards: build the Electron app first and bring in the Qt binaries separately using wget from the release page