Interfaces: Allow access /tmp directory

Lin-Buo-Ren · April 25, 2018, 3:21am

Many applications will create temporary directories in /tmp before further processing, if a snap application can’t access host /tmp the process can’t be done.

Here’s the example bash trace of the problem, the shellcheck command failed to check the script because it is a confined snap application.

+ git diff -z --cached --name-only --diff-filter=ACM '*.bash'
+ git checkout-index --stdin -z '--prefix=/tmp/Git Pre-commit Hook for GNU Bash Projects.m1riGS.tmpdir/'
+ declare check_result=UNKNOWN
+ pushd '/tmp/Git Pre-commit Hook for GNU Bash Projects.m1riGS.tmpdir'
+ IFS=
+ read -r -d '' file
++ find . -name '*.bash' -type f -print0
+ printf 'Checking %s...\n' './Git Pre-commit Hook for GNU Bash Projects.bash'
Checking ./Git Pre-commit Hook for GNU Bash Projects.bash...
+ shellcheck --shell=bash './Git Pre-commit Hook for GNU Bash Projects.bash'
./Git Pre-commit Hook for GNU Bash Projects.bash: ./Git Pre-commit Hook for GNU Bash Projects.bash: openBinaryFile: does not exist (No such file or directory)

zyga-snapd · April 25, 2018, 1:29pm

Due to the way the system is set-up today the host’s tmp is “lost” during the transition to the mount namespace. Changing that would be very difficult now.

One thing I would like to suggest is that you can look at the original filesystem (well, most of it) in /var/lib/snapd/hostfs so technically if we had an interface that takes /var/lib/snapd/hostfs/tmp you could teach your application to use that.