Classic confinement request: ncdu

store-requests
3

@emitorino When I run snappy-dug, no errors are displayed when I get the error I want to fix.

Error: could not open /var/lib/snapd/void

image
image910×149 10.7 KB
This happens when I’m trying to execute the application on an extra HDD that is not a USB. /dev/mapper/sda /Data ext4 defaults 0 0

Here is the plugs that was tried and failed:

plugs:
  - home
  - removable-media
  - mount-observe
  - system-backup

The previous developer also tried in vain to get approval here: Interface approval for ncdu snap - #9 by kz6fittycent Is the purpose of classic confinement not for application not able to use strict confinement?

The errors I do see in Snappy-debug are:

= AppArmor = Time: Jul 19 08:11:17 Log: apparmor=“DENIED” operation=“open” profile=“snap.ncdu.ncdu” name=“/root/.java/” pid=23236 comm=“ncdu” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0 File: /root/.java/ (read) Suggestions:

  • adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON
  • add ‘personal-files (…the-personal-files-interface for acceptance criteria)’ to ‘plugs’

= AppArmor = Time: Jul 19 08:11:17 Log: apparmor=“DENIED” operation=“open” profile=“snap.ncdu.ncdu” name=“/root/.synaptic/” pid=23236 comm=“ncdu” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0 File: /root/.synaptic/ (read) Suggestions:

  • adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON
  • add ‘personal-files (see …/the-personal-files-interface for acceptance criteria)’ to ‘plugs’

= AppArmor = Time: Jul 19 08:11:17 Log: apparmor=“DENIED” operation=“open” profile=“snap.ncdu.ncdu” name=“/root/snap/hw-probe/” pid=23236 comm=“ncdu” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0 File: /root/snap/hw-probe/ (read) Suggestion:

  • adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor = Time: Jul 19 08:11:17 Log: apparmor=“DENIED” operation=“open” profile=“snap.ncdu.ncdu” name=“/root/snap/remmina/” pid=23236 comm=“ncdu” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0 File: /root/snap/remmina/ (read) Suggestion:

  • adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor = Time: Jul 19 08:11:17 Log: apparmor=“DENIED” operation=“open” profile=“snap.ncdu.ncdu” name=“/root/snap/certbot/” pid=23236 comm=“ncdu” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0 File: /root/snap/certbot/ (read) Suggestion:

  • adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor = Time: Jul 19 08:11:17 Log: apparmor=“DENIED” operation=“open” profile=“snap.ncdu.ncdu” name=“/root/snap/grex/” pid=23236 comm=“ncdu” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0 File: /root/snap/grex/ (read) Suggestion:

  • adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor = Time: Jul 19 08:11:17 Log: apparmor=“DENIED” operation=“open” profile=“snap.ncdu.ncdu” name=“/root/snap/fwupd/” pid=23236 comm=“ncdu” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0 File: /root/snap/fwupd/ (read) Suggestion:

  • adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor = Time: Jul 19 08:11:17 Log: apparmor=“DENIED” operation=“open” profile=“snap.ncdu.ncdu” name=“/root/snap/nmap/” pid=23236 comm=“ncdu” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0 File: /root/snap/nmap/ (read) Suggestion:

  • adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor = Time: Jul 19 08:11:17 Log: apparmor=“DENIED” operation=“open” profile=“snap.ncdu.ncdu” name=“/root/snap/htop/” pid=23236 comm=“ncdu” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0 File: /root/snap/htop/ (read) Suggestion:

  • adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor = Time: Jul 19 08:11:17 Log: apparmor=“DENIED” operation=“open” profile=“snap.ncdu.ncdu” name=“/root/snap/multipass/” pid=23236 comm=“ncdu” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0 File: /root/snap/multipass/ (read) Suggestion:

  • adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor = Time: Jul 19 08:11:45 Log: apparmor=“DENIED” operation=“capable” profile=“snap.ncdu.ncdu” pid=23393 comm=“ncdu” capability=2 capname=“dac_read_search” Capability: dac_read_search Suggestions:

  • adjust program to not require ‘CAP_DAC_READ_SEARCH’ (see ‘man 7 capabilities’)
  • add one of ‘system-backup’ to ‘plugs’
  • do nothing if program otherwise works properly

= AppArmor = Time: Jul 19 08:11:45 Log: apparmor=“DENIED” operation=“capable” profile=“snap.ncdu.ncdu” pid=23393 comm=“ncdu” capability=1 capname=“dac_override” Capability: dac_override Suggestions:

  • adjust program to not require ‘CAP_DAC_OVERRIDE’ (see ‘man 7 capabilities’)
  • add one of ‘log-observe’ to ‘plugs’
  • do nothing if program otherwise works properly