TL;DR: How can I run a snap app from another snap service?
We have the following:
- Snap app doing something. (It has its custom security settings)
- Two or three snap services that could run that particular app.
While testing, I found that /snap/bin is inaccessible from within the service - I got permission denied.
I know I can execute the same application from /snap/<snap-name>/bin, but the process will have the security context of the service when I want the security context to change, like if I would execute that command from the shell.
Is there a way to run an app from within the snap service?
There is a dbus service io.snapcraft.Launcher which uses the desktop-launch interface.
dbus-send --session --type=method_call --dest=io.snapcraft.Launcher /io/snapcraft/PrivilegedDesktopLauncher io.snapcraft.PrivilegedDesktopLauncher.OpenDesktopEntry "string:mpv_mpv.desktop"
This is an example command to run a snap. This is snap specific. Only snap to snap.
1 Like
Don’t ignore the possibility of just using xdg-open to open another snap.
E.G if you controlled both snaps, you’d have one snap set to have a .desktop file that registers a custom protocol, and then from the calling snap, simply issue xdg-open mycustomprotocol:/
This would swap the security context.
1 Like
Thank you, guys. I want to avoid using DBus and xdg open on our device.
My solution is to set up a oneshot service in systems and start it using snapd REST API.
