Heyo! I’m attempting to turn some disk monitoring/SMART testing software I’ve made into a snap, but I’m having some issues reading SMART data from disks that aren’t a /dev/sd* block device, but only accessible via /dev/megaraid_sas_ioctl_node. While using classic confinement or installing with the --devmode flag allows it to work, I’d think there would be the ability to do a full strict setup.
I have the following plugs set:
network
network-bind
scsi-generic
block-devices
My program runs smartctl a large amount of times, and when querying for MegaRAID drives it typically looks something like smartctl -x /dev/bus/0 -d megaraid,59. In the strict snap, this results in
Smartctl open device: /dev/bus/0 [megaraid_disk_59] failed: cannot open /dev/megaraid_sas_ioctl_node or /dev/megadev0
error from smartctl and a seccomp violation in snappy-debug that looks something like
= Seccomp =
Time: May 8 12:15:55
Log: auid=1000 uid=0 gid=0 ses=610 subj=snap.destroy-disk-director.daemon pid=1352919 comm="smartctl" exe="/snap/destroy-disk-director/x9/usr/sbin/smartctl" sig=0 arch=c000003e 259(mknodat) compat=0 ip=0x7fc58450a275 code=0x50000
Syscall: mknodat
I can confirm that /dev/megaraid_sas_ioctl_node is visible to the snap (via run --shell) and the smartctl command does properly work in both --classic and --devmode, but I want to be in strict mode. Is there something I can set in snapcraft.yaml to allow that syscall?
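Added example, not part of the original post: a small decoder for the seccomp record quoted above, showing which syscall the filter matched and which action it took. The function name, the partial syscall table and the output keys are assumptions made for this sketch; the constants come from the kernel's audit and seccomp headers.

```python
import re

# Action values from linux/seccomp.h; audit's code= field carries the action bits.
SECCOMP_ACTIONS = {
    0x80000000: "KILL_PROCESS", 0x00000000: "KILL_THREAD",
    0x00030000: "TRAP", 0x00050000: "ERRNO", 0x7FC00000: "USER_NOTIF",
    0x7FF00000: "TRACE", 0x7FFC0000: "LOG", 0x7FFF0000: "ALLOW",
}
AUDIT_ARCH_X86_64 = 0xC000003E
AUDIT_ARCHES = {AUDIT_ARCH_X86_64: "x86_64"}
# Deliberately partial x86_64 table: the two device-node creation syscalls.
X86_64_SYSCALLS = {133: "mknod", 259: "mknodat"}

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Raw audit writes "syscall=259"; snappy-debug rewrites it as "259(mknodat)".
SYSCALL_RE = re.compile(r'(?:syscall=)?\b(\d+)(?:\(\w+\))? compat=')


def parse_seccomp_record(line):
    """Decode one seccomp audit record into the fields needed for triage."""
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    match = SYSCALL_RE.search(line)
    if match is None or "arch" not in fields or "code" not in fields:
        raise ValueError("not a seccomp audit record")
    arch = int(fields["arch"], 16)
    nr = int(match.group(1))
    action = int(fields["code"], 16) & 0xFFFF0000  # SECCOMP_RET_ACTION_FULL
    table = X86_64_SYSCALLS if arch == AUDIT_ARCH_X86_64 else {}
    return {
        "profile": fields.get("subj"),
        "comm": fields.get("comm"),
        "arch": AUDIT_ARCHES.get(arch, hex(arch)),
        "syscall": table.get(nr, f"nr {nr}"),
        "action": SECCOMP_ACTIONS.get(action, hex(action)),
        "creates_device_node": nr in table,
    }


# The record quoted in the post above.
SAMPLE = (
    'auid=1000 uid=0 gid=0 ses=610 subj=snap.destroy-disk-director.daemon '
    'pid=1352919 comm="smartctl" '
    'exe="/snap/destroy-disk-director/x9/usr/sbin/smartctl" sig=0 '
    'arch=c000003e 259(mknodat) compat=0 ip=0x7fc58450a275 code=0x50000'
)

if __name__ == "__main__":
    for key, value in parse_seccomp_record(SAMPLE).items():
        print(f"{key}: {value}")
```

For the quoted record the action decodes to ERRNO with sig=0, meaning the filter made the mknodat call fail instead of killing smartctl.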