Request classic confinement for wireguard-gui

Hi,

I’m the developer of wireguard-gui.

I’m struggling to make it work in a confined snap. It uses wg-quick and zenity in the background. Is there a way to make it work inside a confined app? You can see my config here.

If not, could it be possible to publish it with classic confinement?

Thank you for your time.

Leone

What does snappy-debug report when you run it in strict confinement alongside your app …

Note that only certain apps will be allowed classic, your application needs to fit into the supported category of:

… which I doubt wireguard fits into …

Sorry, I should have read this before, and also given more details about what my issue is.

My application is starting fine; the problem is when I execute this script

I got a permission error when trying to execute sudo. If I add sudo in the stage-packages it fixes it, but then I have another error where libsudo_utils.so.0 is missing.

This is the snappy-debug report I have:

= Seccomp =
Time: 2024-07-16T14:3
Log: auid=1000 uid=1000 gid=1000 ses=3 subj=snap.wireguard-gui.wireguard-gui pid=170393 comm="tokio-runtime-w" exe="/snap/wireguard-gui/x1/usr/bin/wireguard-gui" sig=0 arch=c000003e 434(pidfd_open) compat=0 ip=0x7a9534dab88d code=0x50000
Syscall: pidfd_open

= AppArmor =
Time: 2024-07-16T14:3
Log: apparmor="DENIED" operation="open" class="file" profile="snap.wireguard-gui.wireguard-gui" name="/usr/libexec/sudo/libsudo_util.so.0.0.0" pid=171129 comm="sudo" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /usr/libexec/sudo/libsudo_util.so.0.0.0 (read)
Suggestion:
  • adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

If you have an idea of how I can fix that, it would be very much appreciated.

Thanks.

You cannot call sudo from inside snaps; simply ask your users to call it outside when starting it (you can add a command-chain wrapper script that checks for UID=0 and pops up a zenity dialog telling them about it).
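
The wrapper suggested in the reply above, sketched as an added example (not code from the thread or from the wireguard-gui project). The script name `bin/require-root`, the message wording and the snapcraft.yaml wiring shown in the comments are assumptions.

```shell
#!/bin/sh
# Added example: command-chain wrapper that refuses to start unless run as root.
# Assumed wiring in snapcraft.yaml (script path and name are hypothetical):
#   apps:
#     wireguard-gui:
#       command-chain: [bin/require-root]

# Assumed wording; the command name is taken from the AppArmor profile name.
MSG="wireguard-gui must be started as root: sudo wireguard-gui"

# is_root UID: exit status 0 only when UID is the number 0.
# Empty or non-numeric input is treated as "not root" (fail closed).
is_root() {
    [ "$1" -eq 0 ] 2>/dev/null
}

# Explain why the app will not start. Always write to stderr; also show a
# zenity dialog when the binary and a graphical session are available.
notify_not_root() {
    echo "$MSG" >&2
    if command -v zenity >/dev/null 2>&1 &&
       [ -n "${DISPLAY:-}${WAYLAND_DISPLAY:-}" ]; then
        zenity --error --title="wireguard-gui" --text="$MSG" || true
    fi
}

# snapd invokes a command-chain entry with the next command as its arguments.
# Nothing runs when the file is sourced or executed without arguments.
if [ "$#" -gt 0 ]; then
    if ! is_root "$(id -u)"; then
        notify_not_root
        exit 1
    fi
    # Root confirmed: hand over to the real application without forking.
    exec "$@"
fi
```

The check happens before the application binary starts, so no code inside the snap ever needs to call sudo itself.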

Feels bad to have to run the entire app as root, but alright, I’ll do it this way.

Thanks.