This is my first rodeo building a snap application so please bear with me.
I have built an app using electron and electron-builder. We started packaging with AppImage but given we had some issues with icons we decided to explore Snap as well.
I am a bit lost as how to debug the app. The application works as expected when using classic confinement but fails to work in strict or devmode. I tried to debug using snappy debug but it shows only one entry related to DBUS. The same call shows as allowed in devmode so I am assuming it is not the issue?
My questions are these.
Should I work on moving to strict confinement or is classic used widely and ok (assuming I am fine with manual verification on publish)?
How do I actually debug what interfaces do I need to have given the snappy-debug does not seem to show anything specific?
The failure in the app seems to be around networking. I have a network interface allowed and auto connected. DNS lookup actually works but following requests to the local discovered machines do not go through in strict or dev.
Well, you should show the error… and showing your current snapcraft.yaml might be helpful too… generally you should not need dbus for electron apps unless they actually use it from the app code…
Getting classic confinement granted for such an app is very unlikely, so you should move forward in strict mode and try to fix the issues.
With electron I’d recommend also comparing the javascript console output between working/non-working…
The issue is there are no errors to speak of. I will play with the code today since I assume we are catching an error with the network requests but I even if I get an error in JS (it will likely be along the lines of hostname not found) it is difficult for me to understand how to align these with the interfaces that need to be granted and connected.
Interestingly enough. Only the DBUS I saw yesterday. The char and personal info is new when running today. But it seems it is allowed in devmode so I assume it does have access?
I do not have the snapcraft.yaml that I created but I managed to dig out something out of electron-builder which I use.
The first apparmor denial should go away when you add and connect the bluez interface… the last one is very odd, since the desktop interface should grant you access to the user’s fontconfig dir, are the permissions potentially wrong in that dir/file ?
The other ones seem to be attempts to delete char devices, could you guess why it tries to do that? Seems weird…
See:
Your app would have to fit into one of the supported categories to get classic granted, other applications will not be considered for classic…
The app has two parts. One is the JS part and I am not aware of it trying to touch any of these resources. The other part uses a Web Assembly package. Although we use it mainly for processing of data I am not perfectly aware of what it does on the lowest level so I might investigate if something odd is happening (Emscripten doing some things by default).
But this does not answer the fundamental question. And maybe I am misunderstanding the role of devmode. The app armor shows all these to be allowed in devmode. So if they are allowed under dev mode these should not be the case of the app not working, correct?
What should be my recommended process to get it working if it is not running even in devmode?
My wild guess would be that some dependency is not included in the snap that the app tries to use/access… this is why I hoped you’d find any javascript errors…
Snaps have various other debugging options built in, you could try to strace it for example…