Classic confinement request for 'nwd-agent'

NWDigital · July 10, 2025, 1:36pm

name: nwd-agent
description: Sends IP address, hostname and screenshot of Ubuntu Core devices to server, every X seconds. Requires my custom WordPress plugin installed on a server that is accessible to the device installing this snap on. Uses ubuntuframe.screenshot for taking the screenshot and requires the --devmode flag to work properly.
snapcraft: https://github.com/nwdigital/nwd-agent/blob/main/snap/snapcraft.yaml
upstream: https://github.com/nwdigital/nwd-agent/
upstream-relation: I am the developer and maintainer of this repository
supported-category: tools for local ?
reasoning: the snap is used as a monitoring tool for embedded ubuntu core devices on our network, it needs to take a screenshot and send it to a server I have built for monitoring devices for sanity reasons. The screenshot feature uses ubuntu-frame.screenshot and imagick to resize screenshots since ubuntu-frame.screenshot does not respect portrait layout. Without classic confinement or devmode flag, the screenshot service fails so I need classic confinement for this snap. This will help with updating the app on our devices too since I have to manually update each device using the snap in --devmode. As far as I know, there are no interfaces that would allow me to take screenshots without using devmode or classic confinement. Additionally, this snap in Unlisted in the snap store.

Here is a log when the snap is running successfully in --devmode:

2025-07-10T08:30:27-05:00 nwd-agent.nwd-agent[581340]: Running NWD-AGENT in default OS mode.
2025-07-10T08:30:27-05:00 nwd-agent.nwd-agent[581340]: /root/snap/ubuntu-frame/common/frame_2025-07-10T08:30-05:00.png
2025-07-10T08:30:28-05:00 nwd-agent.nwd-agent[581668]:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
2025-07-10T08:30:28-05:00 nwd-agent.nwd-agent[581668]:                                  Dload  Upload   Total   Spent    Left  Speed
100  191k  100   278  100  191k    402   277k --:--:-- --:--:-- --:--:--  277k

Here is a log when the snap is running in strict mode without the --devmode flag

2025-07-10T08:32:52-05:00 systemd[1]: snap.nwd-agent.nwd-agent.service: Scheduled restart job, restart counter is at 7.
2025-07-10T08:32:52-05:00 systemd[1]: Started snap.nwd-agent.nwd-agent.service - Service for snap application nwd-agent.nwd-agent.
2025-07-10T08:32:52-05:00 nwd-agent.nwd-agent[584687]: Running NWD-AGENT in default OS mode.
2025-07-10T08:32:52-05:00 nwd-agent.nwd-agent[584736]: /snap/nwd-agent/10/bin/nwd-agent.sh: line 12: /usr/bin/snap: Permission denied
2025-07-10T08:32:52-05:00 systemd[1]: snap.nwd-agent.nwd-agent.service: Main process exited, code=exited, status=126/n/a
2025-07-10T08:32:52-05:00 systemd[1]: snap.nwd-agent.nwd-agent.service: Failed with result 'exit-code'.

I understand that strict confinement is generally preferred over classic.

I’ve tried the existing interfaces to make the snap to work under strict confinement.

store-requests-bot · July 10, 2025, 1:36pm

This request has been added to the queue for review by the @reviewers team.

ogra · July 10, 2025, 2:25pm

UbuntuCore does not allow the installation of classic confined snaps at all, so that use case will never work…

Your log shows you are simply accessing a PNG that has been taken by ubuntu-frame in its SNAP_COMMON directory, a system-files interface that allows access to this directory should be sufficient to access that file…

NWDigital · July 10, 2025, 5:14pm

Oh, i didn’t know that about Ubuntu Core! Thanks for that and I will add the system files interface and see how that works. Thanks again, much appreciated.

NWDigital · July 10, 2025, 5:22pm

Is this the path I need to supply read access to for the system-files interface and if so, do I need write access as well? /root/snap/ubuntu-frame/common/

I’m guessing that’s it, but thought I’d ask to be sure.

NWDigital · July 10, 2025, 6:02pm

I added the interface to my snapcraft.yaml, rebuilt the snap and installed it on one of my Ubuntu Core 24 devices. However, I am getting the following error in my logs. Same as the error previously when trying to run it without the interface. Also, I did connect the interface. I even added /usr/bin/snap to the system-files interface but still not working.

Here’s my updated snapcraft.yaml

And the error:

2025-07-10T12:56:48-05:00 nwd-agent.nwd-agent[26302]: /snap/nwd-agent/x1/bin/nwd-agent.sh: line 12: /usr/bin/snap: Permission denied
2025-07-10T12:56:48-05:00 systemd[1]: snap.nwd-agent.nwd-agent.service: Main process exited, code=exited, status=126/n/a
2025-07-10T12:56:48-05:00 systemd[1]: snap.nwd-agent.nwd-agent.service: Failed with result 'exit-code'.

jslarraz · July 14, 2025, 8:40am

If I’m not mistaken it is because you try to execute snap run ubuntu-frame.screenshot from the confinement, which is not allowed. You need either to stage ubuntu-frame via stage-snaps or (possibly more reasonable) use an alternative method to get the screenshot.

NWDigital · July 14, 2025, 12:07pm

Correct. I’m open to other methods, but I haven’t found another way. I’ll try your suggestion and stage ubuntu-frame and see how that goes.

jslarraz · July 22, 2025, 2:37pm

Great, let me know how it goes.

Adding tag for our automation to hide the request. It will be bumped automatically with your next post in this topic (#askForInfo)

NWDigital · July 24, 2025, 9:58pm

Haven’t had a chance to try staging ubuntu-frame yet. If I do stage, will that actually work is the question. :-). Maybe I’ll have a chance to try this out next week. I’ll report back on my findings so others are aware.

cav · August 11, 2025, 11:12pm

ping - @NWDigital, any luck with this one?

NWDigital · August 14, 2025, 8:07pm

Nope, I’ve been pretty busy lately. I’m also working on a python webview snap which is also being a pain in the butt.

jslarraz · August 19, 2025, 1:03pm

@NWDigital thanks for your answer. I’m removing this request from the review queue. Feel free to open a new topic if you need further support.