Megaraid with Strict

Heyo! I’m attempting to turn some disk monitoring/SMART testing software I’ve made into a snap, but I’m having some issues reading SMART data from disks that aren’t a /dev/sd* block device, but are only accessible via /dev/megaraid_sas_ioctl_node. While using classic confinement or installing with the --devmode flag allows it to work, I’d think there would be the ability to do a full strict setup.

I have the following plugs set:

network
network-bind
scsi-generic
block-devices

My program runs smartctl a large number of times, and when querying for MegaRAID drives it typically looks something like smartctl -x /dev/bus/0 -d megaraid,59. In the strict snap, this results in a “Smartctl open device: /dev/bus/0 [megaraid_disk_59] failed: cannot open /dev/megaraid_sas_ioctl_node or /dev/megadev0” error from smartctl and a seccomp violation in snappy-debug that looks something like:

= Seccomp =
Time: May  8 12:15:55
Log: auid=1000 uid=0 gid=0 ses=610 subj=snap.destroy-disk-director.daemon pid=1352919 comm="smartctl" exe="/snap/destroy-disk-director/x9/usr/sbin/smartctl" sig=0 arch=c000003e 259(mknodat) compat=0 ip=0x7fc58450a275 code=0x50000
Syscall: mknodat

I can confirm that /dev/megaraid_sas_ioctl_node is visible to the snap (via run --shell) and the smartctl command does properly work in both --classic and --devmode, but I want to be in strict mode. Is there something I can set in snapcraft.yaml to allow that syscall?

I fear that will need a new snapd interface or the extension of an existing one…

Is there a relatively easy way I can do that inside my snap? I’d love to be able to use strict mode, but would rather not have to modify Snap itself or its configs on every server I want to deploy this on.

I don’t think there is a way, it will really need upstream code changes in snapd… you won’t be able to do that locally or via something in the application snap
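Added example, not part of the thread: a decoder for the seccomp record quoted in the first post, showing that the filter made mknodat fail with an error (action ERRNO, sig=0) rather than killing smartctl. The function name and result keys are made up for this illustration; the numeric constants are from linux/audit.h and linux/seccomp.h.

```python
import re
import shlex

# Constructed sample: same field values as the record quoted in the first post.
SAMPLE = ('auid=1000 uid=0 gid=0 ses=610 subj=snap.destroy-disk-director.daemon '
          'pid=1352919 comm="smartctl" '
          'exe="/snap/destroy-disk-director/x9/usr/sbin/smartctl" sig=0 '
          'arch=c000003e 259(mknodat) compat=0 ip=0x7fc58450a275 code=0x50000')

# AUDIT_ARCH_* values (linux/audit.h).
AUDIT_ARCH = {0xC000003E: "x86_64", 0xC00000B7: "aarch64", 0x40000003: "i386"}

# SECCOMP_RET_* action values (linux/seccomp.h).
SECCOMP_ACTIONS = {
    0x80000000: "KILL_PROCESS", 0x00000000: "KILL_THREAD", 0x00030000: "TRAP",
    0x00050000: "ERRNO", 0x7FC00000: "USER_NOTIF", 0x7FF00000: "TRACE",
    0x7FFC0000: "LOG", 0x7FFF0000: "ALLOW",
}


def decode_seccomp(record):
    """Decode one seccomp audit record (hypothetical helper for this example)."""
    fields, sysname = {}, None
    for tok in shlex.split(record):          # shlex strips the quotes on comm/exe
        m = re.fullmatch(r"(\d+)\((\w+)\)", tok)
        if m:                                # snappy-debug form: 259(mknodat)
            fields["syscall"], sysname = m.group(1), m.group(2)
        elif "=" in tok:                     # raw audit form: key=value
            key, value = tok.split("=", 1)
            fields[key] = value
    code = int(fields["code"], 16)
    # Snap security labels have the form snap.<snap>.<app>.
    label = fields.get("subj", "").split(".", 2)
    is_snap = len(label) == 3 and label[0] == "snap"
    return {
        "snap": label[1] if is_snap else None,
        "app": label[2] if is_snap else None,
        "exe": fields.get("exe"),
        "arch": AUDIT_ARCH.get(int(fields["arch"], 16), "unknown"),
        "syscall_nr": int(fields["syscall"]),
        "syscall_name": sysname,
        # Upper 16 bits select the filter action; sig=0 means no signal was sent.
        "action": SECCOMP_ACTIONS.get(code & 0xFFFF0000, "UNKNOWN"),
        "killed": fields.get("sig", "0") != "0",
    }


if __name__ == "__main__":
    for key, value in decode_seccomp(SAMPLE).items():
        print(f"{key:13} {value}")
```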