Need classic confinement to make the application save/load files from correct folder

Hello everyone,

trying to wrap up the packaging of a pre-compiled Qt app, but it seems there are some problems with it.
Mainly, when opening or saving file, the HOME environment variable is set to the wrong folder (/home/user/snap/banana9/x1), and classic confinement avoids that but I’d rather not go there.

Furthermore there are some errors when launching the app

QStandardPaths: XDG_RUNTIME_DIR points to non-existing path '/run/user/1000/snap.banana9', please create it with 0700 permissions.
QStandardPaths: XDG_RUNTIME_DIR points to non-existing path '/run/user/1000/snap.banana9', please create it with 0700 permissions.
libGL error: unable to load driver: swrast_dri.so
libGL error: failed to load driver: swrast
Unrecognized OpenGL version
Unrecognized OpenGL version
Could not create AF_NETLINK socket (Permission denied)
propsReply "An AppArmor policy prevents this sender from sending this message to this recipient; type=\"method_call\", sender=\":1.124\" (uid=1000 pid=20045 comm=\"/snap/banana9/x2/usr/bin/banana9 \") interface=\"org.freedesktop.DBus.Properties\" member=\"GetAll\" error name=\"(unset)\" requested_reply=\"0\" destination=\"org.freedesktop.NetworkManager\" (uid=0 pid=963 comm=\"/usr/sbin/NetworkManager --no-daemon \")"
nmReply "An AppArmor policy prevents this sender from sending this message to this recipient; type=\"method_call\", sender=\":1.124\" (uid=1000 pid=20045 comm=\"/snap/banana9/x2/usr/bin/banana9 \") interface=\"org.freedesktop.NetworkManager\" member=\"GetDevices\" error name=\"(unset)\" requested_reply=\"0\" destination=\"org.freedesktop.NetworkManager\" (uid=0 pid=963 comm=\"/usr/sbin/NetworkManager --no-daemon \")"
"Object path cannot be empty"
Could not create AF_NETLINK socket (Permission denied)
Could not create AF_NETLINK socket (Permission denied)
Could not create AF_NETLINK socket (Permission denied)
Could not create AF_NETLINK socket (Permission denied)

Here’s the snapcraft.yaml

name: banana9
version: 9.0.3
grade: stable
summary: Banana Snap Summary
description: Banana Snap Description
confinement: strict

apps:
  banana9:
    command: usr/bin/banana9
    plugs: [x11, home, network, gsettings, desktop, desktop-legacy]
    desktop: banana9.desktop 
    environment:
       QT_QPA_PLATFORM_PLUGIN_PATH: usr/plugins
       QT_QPA_PLATFORMTHEME: qt5ct
    
parts:
  banana9:
    source: ../output/banana9
    plugin: dump
    stage-packages:
      - libgl1
      - libgl1-mesa-glx
      - libglu1-mesa
      - libgl1-mesa-dri
      - libfreetype6
    build-attributes: [keep-execstack]

    override-pull: |
      snapcraftctl pull
      echo "Removing libcrypto.so and libssl.so..."
      rm usr/lib/libcrypto.so
      rm usr/lib/libssl.so

    override-prime: |
      snapcraftctl prime
      echo "Modifying qt.conf..."
      sed -i '3s/.*/LibraryExecutables=lib/' usr/bin/qt.conf
      sed -i '4s/.*/Plugins=plugins/' usr/bin/qt.conf
      echo "Removing install_banana9.sh and start_banana9.sh..."
      rm install-banana.sh
      rm start_banana9.sh

So, I want the app to be able to target the default HOME env variable, not the one set by Snap and understand what those errors are.

to allow your app to create network sockets you need to add the network-bind plug to your plugs list…

to make it find the libGL dri drivers use an environment entry and tell libGL where it finds the drivers:

apps:
  myapp:
    command: path/to/my/binary
    environment:
      LIBGL_DRIVERS_PATH: $SNAP/usr/lib/$SNAPCRAFT_ARCH_TRIPLET/dri
1 Like

Thanks, that solved the libGL drivers problem.
Adding network-bind didn’t solve the socket errors, even though apparently the app was and is working fine

You can adjust this in your snap. Eg: Real user $HOME dir

I have the same Could not create AF_NETLINK socket (Permission denied) issue with one of my application. The application works fine but keep printing the message if ran through the terminal.
Application uses QWebEngineView Library(which is based on Chromium webengine) of Qt, hence its a web-browser related issue.