PermissionError: [Errno 13] Permission denied: '/etc/glances/glances.conf'

root@sheo2-consul2:~# cat /etc/*release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION=“Ubuntu 18.04.2 LTS”
NAME=“Ubuntu”
VERSION=“18.04.2 LTS (Bionic Beaver)”
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME=“Ubuntu 18.04.2 LTS”
VERSION_ID=“18.04”
HOME_URL=“https://www.ubuntu.com/”
SUPPORT_URL=“https://help.ubuntu.com/”
BUG_REPORT_URL=“https://bugs.launchpad.net/ubuntu/”
PRIVACY_POLICY_URL=“https://www.ubuntu.com/legal/terms-and-policies/privacy-policy”
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic

root@sheo2-consul2:~# snap install glances

root@sheo2-consul2:~# glances
Warning: Unable to set locale. Expect encoding problems.
Traceback (most recent call last):
File “/snap/glances/5/bin/glances”, line 11, in
load_entry_point(‘Glances==2.11.1’, ‘console_scripts’, ‘glances’)()
File “/snap/glances/5/lib/python3.5/site-packages/glances/init.py”, line 126, in main
core = GlancesMain()
File “/snap/glances/5/lib/python3.5/site-packages/glances/main.py”, line 84, in init
self.args = self.parse_args()
File “/snap/glances/5/lib/python3.5/site-packages/glances/main.py”, line 274, in parse_args
self.config = Config(args.conf_file)
File “/snap/glances/5/lib/python3.5/site-packages/glances/config.py”, line 107, in init
self.read()
File “/snap/glances/5/lib/python3.5/site-packages/glances/config.py”, line 140, in read
with open(config_file, encoding=‘utf-8’) as f:
PermissionError: [Errno 13] Permission denied: ‘/etc/glances/glances.conf’

root@sheo2-consul2:~# tail -f /var/log/syslog

Oct 22 21:26:24 sheo2-consul2 kernel: [8311682.847820] audit: type=1400 audit(1571750784.173:1036): apparmor=“DENIED” operation=“open” profile=“snap.glances.glances” name="/etc/glances/glances.conf" pid=1352274 comm=“python3” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0

what is the complete output of snap version (specifically the kernel line)

glances works fine here when all interfaces are connected, did you do that ? (by default it does not have many interface connections … you can check with snap connections glances and connect them with the snap connect ... command)

also: do not run snaps as root if not explicitly needed …

thanks very much.

the complete output of snap version is as follow

root@sheo2-consul2:~# snap version
snap 2.42
snapd 2.42
series 16
ubuntu 18.04
kernel 4.15.0-51-generic

the version of glances is as follow:
root@sheo2-consul2:~# snap list | grep glances
glances 2.11.1 5 stable nicolargo -
I did not connect any connections for glance, the connections of glances is as follow:

root@sheo2-consul2:~# glances --version
Warning: Unable to set locale. Expect encoding problems.
Glances v2.11.1 with psutil v5.4.2

root@sheo2-consul2:~# snap connections glances
Interface Plug Slot Notes
hardware-observe glances:hardware-observe - -
log-observe glances:log-observe - -
mount-observe glances:mount-observe - -
network glances:network :network -
network-observe glances:network-observe - -
physical-memory-observe glances:physical-memory-observe - -
system-observe glances:system-observe - -
upower-observe glances:upower-observe :upower-observe -

In fact, in my centos server, I use snap install glances, and glances work well without anything modify just as connecting interface.

[root@sltypzegljt ~]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)

[root@sltypzegljt ~]# snap version
snap 2.39.2-1.el7
snapd 2.39.2-1.el7
series 16
centos 7
kernel 3.10.0-862.9.1.el7.x86_64
[root@sltypzegljt ~]# snap list | grep glances
glances 2.11.1 5 stable nicolargo -

[root@sltypzegljt ~]# glances --version
Warning: Unable to set locale. Expect encoding problems.
Glances v2.11.1 with psutil v5.4.2

[root@sltypzegljt ~]# snap connections glances
Interface Plug Slot Notes
hardware-observe glances:hardware-observe - -
log-observe glances:log-observe - -
mount-observe glances:mount-observe - -
network glances:network :network -
network-observe glances:network-observe - -
physical-memory-observe glances:physical-memory-observe - -
system-observe glances:system-observe - -
upower-observe glances:upower-observe :upower-observe -

Besides, in my ubuntu_desktop_18.04, I comes to the same problem as ubuntu_server_18.04.

04_glances_log3152×2384 720 KB

But, when I use the software in the desktop to install glances, It reminder me whether turn on the permits. If I turn on the all permissions, glances work well. If not, it shows the same error,

I use snappy-debug to debug, the output is as follow:

root@sheo2-consul2:~# sudo /snap/bin/snappy-debug.security scanlog glances
INFO: Following ‘/var/log/syslog’. If have dropped messages, use:
INFO: $ sudo journalctl --output=short --follow --all | sudo snappy-debug
kernel.printk_ratelimit = 0
= AppArmor =
Time: Oct 23 14:48:20
Log: apparmor=“DENIED” operation=“open” profile=“snap.glances.glances” name="/etc/glances/glances.conf" pid=1363428 comm=“python3” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
File: /etc/glances/glances.conf (read)
Suggestions:

• adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON
• adjust snap to use snap layouts (Snap layouts)
• add ‘system-files (see https://forum.snapcraft.io/t/the-system-files-interface for acceptance criteria)’ to ‘plugs’

In my owner view, it is a bug for glances.snap. Some modify should be taken in snapcraft.yaml for glances.
But I did not know how to fix it , and get not get the snapcraft.yaml of glances.

An reply will be appreciate.

Just now, I try to use snap install glances --devmode, then glances work well.

image3636×324 115 KB

But, in my opinion, the glances in stable channel can work well without --devmode

so again… first of all … do not run snaps as root when testing anything, run them as a normal user please, the app might use completely different code-paths internally when running it as root which makes any debugging pointless …

make sure all interfaces are connected … that an app does run limited without its interfaces connected in snap packaging is expected … good packaging would have a wrapper telling you to connect the mount-observe interface instead of throwing an error when trying to access mtab though …

you can try filing an issue about that fact, so the packager can fix it:

$ snap info glances|grep contact
contact:   https://github.com/nicolargo/glances/issues

running a snap in --devmode simply disables all interfaces, rather connect them instead using the snap connect ... command:

$ snap connect --help
Usage:
  snap connect [connect-OPTIONS] [<snap>:<plug>] [<snap>:<slot>]

The connect command connects a plug to a slot.
It may be called in the following ways:

$ snap connect <snap>:<plug> <snap>:<slot>

Connects the provided plug to the given slot.

$ snap connect <snap>:<plug> <snap>

Connects the specific plug to the only slot in the provided snap that matches
the connected interface. If more than one potential slot exists, the command
fails.

$ snap connect <snap>:<plug>

Connects the provided plug to the slot in the core snap with a name matching
the plug name.

[connect command options]
      --no-wait          Do not wait for the operation to finish but just print the change id.

simply call it for each of the interfaces that show no slot in the snap connections output … or use the graphical “Permissions” tab in the software center that you already discovered.

Thanks very much.

Now， $ sudo glances work well after $ sudo snap connect glances:mount-observe :mount-observe on your advices.

image1144×306 37.7 KB

Just as your said, good packaging would have a wrapper and connect necessary interfaces itself.

A bug has committed https://github.com/nicolargo/glances/issues/1552, wish glances can do something.