Execute a snap app from withing another snap app

TL;DR: How can I run a snap app from another snap service?

We have the following:

  1. Snap app doing something. (It has its custom security settings)
  2. Two or three snap services that could run that particular app.

While testing, I found that /snap/bin is inaccessible from within the service - I got permission denied.

I know I can execute the same application from /snap/<snap-name>/bin, but the process will have the security context of the service when I want the security context to change, like if I would execute that command from the shell.

Is there a way to run an app from within the snap service?

There is a dbus service io.snapcraft.Launcher which uses the desktop-launch interface.

dbus-send --session --type=method_call --dest=io.snapcraft.Launcher /io/snapcraft/PrivilegedDesktopLauncher io.snapcraft.PrivilegedDesktopLauncher.OpenDesktopEntry "string:mpv_mpv.desktop"

This is an example command to run a snap. This is snap specific. Only snap to snap.

1 Like

Don’t ignore the possibility of just using xdg-open to open another snap.

E.G if you controlled both snaps, you’d have one snap set to have a .desktop file that registers a custom protocol, and then from the calling snap, simply issue xdg-open mycustomprotocol:/

This would swap the security context.

1 Like

Thank you, guys. I want to avoid using DBus and xdg open on our device. My solution is to set up a oneshot service in systems and start it using snapd REST API.