I have a couple of snaps that cannot read files inside $HOME. I get errors like:
in my $home as root:
batcat test.txt
[bat error]: ‘test.txt’: Permission denied (os error 13)
grex --file test.txt
permission denied: the specified file could not be opened
Works when I’m not elevated:
$ batcat test.txt | wc -l
73
When I run these as root. When I run them as myself I can access the files and the applications work . What must I do so that sudo will be able to access the file?
Snap confinement for the home
interface by default has an owner
rule, which means that the owner of the files/directories must match those of the uid/gid of the process that is trying to access them, which means that root inside snaps can only read from root’s home directory /root
and only user foo
can read from /home/foo
.
There is a way around this for particular snaps that have good justification for this by using the read: all
interface attribute for the home plug. You can read more about that at the docs: https://snapcraft.io/docs/home-interface
1 Like