Permission denied when trying to access user files

NABrain · September 17, 2018, 7:49pm

When I test my snap on another machine I get permission denied errors. I tried booting it up in a shell, sudo snap run --shell myapp
In the shell, I can ls /home/, but I get permission denied trying to ls /home/user/
In my snapcraft I have the following plugs in my app: command section:
plugs: [home, unity7, x11, desktop, desktop-legacy]

Does anyone know why I am getting these permission errors and how to fix it?
Thanks.

Lin-Buo-Ren · September 17, 2018, 8:07pm

Is your /home/user linked to an external filesystem?

NABrain · September 17, 2018, 8:19pm

No I don’t think so.

Lin-Buo-Ren · September 17, 2018, 8:21pm

What is the ownership of your /home/user directory?

NABrain · September 17, 2018, 8:27pm

The result of df is:

Filesystem 1K-blocks Used Available Use% Mounted on udev 8124060 0 8124060 0% /dev tmpfs 1630124 157556 1472568 10% /run /dev/sda2 106047592 66027216 34610432 66% / tmpfs 8150616 11832 8138784 1% /dev/shm tmpfs 5120 4 5116 1% /run/lock tmpfs 8150616 0 8150616 0% /sys/fs/cgroup /dev/loop1 90112 90112 0 100% /snap/core/5328 /dev/loop0 89088 89088 0 100% /snap/core/4917 /dev/loop3 89088 89088 0 100% /snap/core/5145 /dev/loop4 202752 202752 0 100% /snap/vlc/365 /dev/loop2 199936 199936 0 100% /snap/vlc/555 /dev/sda1 523248 3496 519752 1% /boot/efi tmpfs 1630124 84 1630040 1% /run/user/1000 /dev/loop5 98560 98560 0 100% /snap/myapp/12 /dev/loop6 98560 98560 0 100% /snap/myapp/13 /dev/loop7 127104 127104 0 100% /snap/myapp/14 The ownership is drwxr-xr-x

Sorry about the formatting, I don’t know how to use multiple spaces in this.

ryanjyoder · September 17, 2018, 10:00pm

You’ve probably already checked this, but it happens to me a lot. Is the home plug actually connected? It’s not auto connect strict confinement.

NABrain · September 17, 2018, 10:10pm

Thank you for the suggestion. When doing snap interfaces | grep home it shows myapp as one of the entries.

Edit: You were right, I think. I didn’t fully understand strict confinement. I guess I need classic confinement. Thank you.
For anyone looking back on this, here are the docs for confinement:

Lin-Buo-Ren · September 18, 2018, 3:57am

~~Snapd does auto-connect the home interface~~, so the files under your home directory (with an exception of the hidden files right under it, and the home directory isn’t a symbolic link to other location) should always be accessible.

Here’s the doc for all the interfaces specification: Interface management

jdstrand · September 19, 2018, 7:12am

Are there any security denials in journalctl at the time of the denial? If so, please paste them.

ogra · September 19, 2018, 10:37am

Only on non-UbuntuCore systems … when running on top of an UbuntuCore image home does not get auto-connected IIRC