In testing my snap, I can’t install the local snap with the same bevaviour as when getting it from the store. My confinement is strict, however when I do:
snap install --dangerous <filename>
when it looks for its config in /etc/ its seeing the files on the host.
But when I install from the store,
snap install --beta <my-app-name>
and then looks for config files in /etc/ it sees the ones from my layout.
How can I get the same behaviour so I don’t always have to upload to the store?
Thanks.
What is snap version and what interfaces do you use with the snap?
Snap version:
snap 2.45.1
snapd 2.45.1
series 16
ubuntu 20.04
kernel 5.4.0-26-generic
And:
apps:
suricata:
command: suricata
plugs:
- network-bind
- home
layout:
/var/lib/suricata:
bind: $SNAP_DATA/lib
/etc/suricata:
bind: $SNAP_DATA/etc/suricata
/var/log/suricata:
bind: $SNAP_DATA/log
So this should be making your snap use /etc/suricata from $SNAP_DATA, but if it is not with your locally installed, there is probably a bug somewhere in the mount namespace code. Can you run:
cat /run/snapd/ns/snap.$SNAP_NAME.fstab
sudo nsenter --mount=/run/snapd/ns/$SNAP_NAME.mnt /bin/sh -c 'cat /proc/self/mountinfo'