Permission denied when launching binary app from another binary app in SNAP

snap
1

Hello there,

It will be helpful, if i can get some feedback regarding below issue:

Test SNAP Snippet(just for explaining issue) :

name: name1

apps:
APP1:
command: bin/binary1


APP2:
command: bin/binary2

Issue : When i call below code from code of “binary1”
-> system ("/snap/bin/name1.APP2")

Then, it gives me below error which i checked in syslog :
** name1.APP1[39420]: sh: 1: /snap/bin/name1.APP2: Permission denied**

Using snappy debug, it showed error like below :

Time: Jul 6 16:36:13
Log: apparmor=“DENIED” operation=“exec” profile="snap.name1.APP1" name="/snap/snapd/12398/usr/bin/snap" pid=11764 comm=“sh” requested_mask=“x” denied_mask=“x” fsuid=0 ouid=0
File: /snap/snapd/12398/usr/bin/snap (exec)
Suggestions:

  • adjust snap to ship ‘snap’
  • adjust program to use relative paths if the snap already ships ‘snap’

This code worked when i installed my SNAP using “devmode” but when i remove “devmode”, it started giving this issue.
I am not sure, what i am missing to remove this “Permission denied” issue when installing without devmode. Any comment will be helpful.

Thanks in advance.

2

the snap command (which calling binaries from /snap/bin always uses as snap run $APP) is an enduser command and not accessible from within a snap …

to call one app from the other (if you ship both of them in the same snap) you would call it like:

system("$SNAP/usr/bin/app2")

(or wherever it sits inside your snap if not in $SNAP/usr/bin/)

1 Like
3

Hello @ogra
Thank you for your response .
It worked for me now. It means , in devmode we can access /snap/bin/ also but not without devmode . Is it correct ?

4

devmode turns all sandboxing into “report mode”, so instead of blocking things it normally blocks, it spams your log with reports about what it would usually block to help you adjusting your snap for strict confinement …

to get meaningful info and suggestions about what was logged, there is the snappy-debug command from the snappy-debug snap that you can run alongside when executing your snap app…

5

Noted . Thank you for this information.