Permission denied when installing jq using snap

extmzigher · January 13, 2020, 8:48am

Hi,

I used snap for the first time trying to install the command line util jq.

$ sudo snap install jq

But I get permission denied when trying to use it on any file in my home directory

 $ sudo snap info jq
 name:      jq 
 summary:   The jq command
 publisher: Canonical✓
 contact:   snaps@canonical.com
 license:   unset
 description: |
 The jq command
 commands:
 - jq
 snap-id:      8X4ytHZ2xX4kNkr8V2NU3AQuoMlglwED
 tracking:     stable
 refresh-date: today at 09:41 CET
 channels:
 stable:    1.5+dfsg-1 2017-05-17  (6) 245kB -
 candidate: 1.5+dfsg-1 2017-05-17  (6) 245kB -
 beta:      1.6        2018-11-19 (11)   1MB -
 edge:      1.6        2018-11-19 (11)   1MB -
 installed:   1.5+dfsg-1             (6) 245kB -

 $ sudo snap list jq
 Name  Version     Rev  Tracking  Publisher   Notes
 jq    1.5+dfsg-1  6    stable    canonical✓  -

I tried installing it using classic

$ sudo snap install --classic jq
Warning: flag --classic ignored for strictly confined snap jq

 jq 1.5+dfsg-1 from Canonical✓ installed

So what is going on here? The only way to get it to work is by installing it using devmode

$ sudo snap install --devmode jq
jq 1.5+dfsg-1 from Canonical✓ installed

$ sudo snap list jq
Name  Version     Rev  Tracking  Publisher   Notes
jq    1.5+dfsg-1  6    stable    canonical✓  devmode

Is this a problem with the snap package or with snap. I can see that there exists a deb package for jq but cannot install it using apt anymore. I am running Ubuntu 19.10. Would appreciate to get any assistance on how to manage this.

mborzecki · January 13, 2020, 9:02am

The jq snap uses strict confinement, meaning it cannot access arbitrary places in the system. The snap does not use the home interface either so that your real $HOME is off limits too.

However, you can pass the contents of the file in stdin like so:

$ jq < $HOME/somefile
# or
$ cat $HOME/somefile | jq

extmzigher · January 13, 2020, 9:10am

That seems a bit strange that ubuntu starts using snap which in turn changes how to use a command line util that will break scripts that is using jq. The man pages for jq is also not matching this new behavior if you are not allowed to use jq as is stated in the man pages.

jq [options…] filter [files…]

But thanks for the help.

Saviq · January 13, 2020, 2:38pm

FWIW the snap could have asked for the home interface, which would have allowed it access to files in your home folder - but not those hidden (or in hidden directories).

extmzigher · January 13, 2020, 3:45pm

Since I am new to the snap concept could you clarify. Do you mean that the snap package should have asked for the home or should I have informed snap that it should have access to home?

ogra · January 13, 2020, 4:45pm

someone should inform the snap packager to add the home plug to the snap definition (a one line change), then you would at least be able to operate directly on (non-hidden) files in your home dir as advertised in the manpage.

i assume whoever packaged it originally did that for Ubuntu Core where the home interface isnt used a lot and does also not auto-connect …