I’m trying to run the openstackclients snap and get it to read the system certificates now that it has been updated to use the strict confinement.
I’ve found in other threads across the forum that if you just add the network plug it would be able to read the system certificates on /etc/ssl/certs.
I did 2 tests, 1) I added an extra custom cert (cacert.pem) in that folder just to see if the snap would be able to read it and 2) I verified the ca-certificates.crt file that I have and compared to what the snap reads. To test, I create a shell using:
snap run --shell openstackclients.openstack
then I navigate to /etc/ssl/certs in that shell and I don’t see my cacert.pem file there. Also, ca-certificates.crt is different than I have in my system /etc/ssl/certs.
Then, checking the content of /snap and find/grepping for my file and certificate, respectively, I find them in /snap/core/10908/etc/ssl/certs/.
In my /snap/core folder I have 2 folders: 10908 and 10958. The content in /etc/ssl/certs in both are different, where 10908 mirrors my system /etc/ssl/certs and 10958 doesn’t. I don’t know what 10958 mirrors. I suspect the openstackclients is using 10958.
When running “snap connections --all” I see:
Interface Plug Slot Notes
network openstackclients:network :network -
So I guess I should assume the openstackclients snap should be able to read my certs and files under /etc/ssl/certs.
Any ideas on how to make it read the certificates or load the core with the proper content like 10908? Is this a bug?
Thanks in advance