We are currently doing a proof-of-concept for a customer on ubuntu-core / snap.
The software is a simple IoT gateway which will read files from Windows CIFS
- The software will run as simple snap daemon
- The daemon should run permanently, over a UI it is possible to add and remove
- As the cifs shares can come and go during runtime it is necessary to mount
and umount them as needed
- The cifs shares are mounted in a subdirectory of $SNAP_COMMON
I successfully built a snap with the software and I am shipping the mount and umount binaries. When I install it in devmode everything works. When I install it in strict mode the mount works, but the umount fails.
When I enter the snap daemon's namespace with:

```
snap run --shell mydaemon
```
I can issue the mount command to see the current mounts:

```
$SNAP/bin/mount | grep cifs
//192.168.123.123/SomeShare on /var/snap/mydaemon/common/data/shares/SomeShare type cifs (rw,relatime,vers=1.0,sec=ntlmv2,cache=strict,username=Administrator,domain=WORKGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.123.123,file_mode=0755,dir_mode=0755,nounix,serverino,mapposix,rsize=61440,wsize=65536,echo_interval=60,actimeo=1)
```
When I issue umount the following error pops up:

```
$SNAP/bin/umount /var/snap/mydaemon/common/data/shares/SomeShare
umount: /var/snap/mydaemon/common/data/shares/SomeShare: block devices are not permitted on filesystem
```
I only found this mailing list entry which might be related. And as it works in devmode I assume this has to do with missing AppArmor or seccomp rules.
I am shipping mount and umount in the parts section of my snap:

```yaml
parts:
  ...
  mount:
    plugin: nil
    stage-packages:
      - mount
      - cifs-utils
    organize:
      sbin/mount.cifs: bin/mount.cifs
    prime:
      - bin/mount
      - bin/umount
      - bin/mount.cifs
  ...
```

```yaml
apps:
  mydaemon-service:
    command: >
      mydaemon -sharedir $SNAP_COMMON/data/shares
    daemon: simple
    restart-condition: always
    plugs:
      - network
      - network-control
      - network-bind
      - network-manager
      - network-setup-control
      - network-setup-observe
      - network-observe
      - mount-observe
      - fuse-support
```
My first idea was to create an interface which allows executing cifs mount and umount inside the $SNAP_COMMON directory of a snap. But I don’t know if this is possible or if there is a better idea.
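
Whether AppArmor or seccomp is what blocks the umount in strict mode can be checked from the kernel audit messages for the snap's security label (`snap.<snap>.<app>`). The following is an added example, not code from the original post: the log lines are constructed samples in the kernel audit format, `parse_denials` is a hypothetical helper name, and the syscall numbers assume x86_64.

```python
import re

# x86_64 syscall numbers for the two calls this post is about (assumption:
# the device is x86_64, which audit reports as arch=c000003e).
X86_64_SYSCALLS = {165: "mount", 166: "umount2"}
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="value" or key=value

# Constructed sample lines; on a device, feed the output of `journalctl -k`.
SAMPLE_LOG = [
    'kernel: audit: type=1400 audit(1600000000.100:41): apparmor="DENIED" '
    'operation="umount" profile="snap.mydaemon.mydaemon-service" '
    'name="/var/snap/mydaemon/common/data/shares/SomeShare/" pid=2101 comm="umount"',
    'kernel: audit: type=1326 audit(1600000000.200:42): auid=4294967295 uid=0 '
    'gid=0 ses=4294967295 pid=2102 comm="umount" exe="/snap/mydaemon/x1/bin/umount" '
    'sig=0 arch=c000003e syscall=166 compat=0 ip=0x7f0000000000 code=0x50000',
    'kernel: audit: type=1400 audit(1600000000.300:43): apparmor="DENIED" '
    'operation="open" profile="snap.other.app" name="/etc/fstab" pid=2103 comm="cat"',
]

def parse_denials(lines, snap):
    """Return AppArmor and seccomp denials that belong to the given snap."""
    label_prefix = f"snap.{snap}."   # AppArmor profile of every app in the snap
    exe_prefix = f"/snap/{snap}/"    # seccomp records carry the exe path, not the label
    found = []
    for line in lines:
        f = {k: quoted or bare for k, quoted, bare in KV.findall(line)}
        if f.get("apparmor") == "DENIED" and f.get("profile", "").startswith(label_prefix):
            found.append({"source": "apparmor", "what": f.get("operation"),
                          "path": f.get("name"), "comm": f.get("comm")})
        elif f.get("type") == "1326" and f.get("exe", "").startswith(exe_prefix):
            nr = int(f["syscall"])
            names = X86_64_SYSCALLS if f.get("arch") == "c000003e" else {}
            found.append({"source": "seccomp", "what": names.get(nr, f"syscall {nr}"),
                          "path": f.get("exe"), "comm": f.get("comm")})
    return found

if __name__ == "__main__":
    for denial in parse_denials(SAMPLE_LOG, "mydaemon"):
        print(denial)
```

An `apparmor` entry means the policy lacks a rule for that operation on that path; a `seccomp` entry means the syscall itself is filtered for the snap.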