Request classic mode for Visual LVM

The Visual LVM is remote GUI LVM manager, it needs to access/modify lvm information of host. So we have to run it on classic mode.
The information page of visual lvm is https://www.welees.com/visual-lvm.html

Thanks

The requirements for access / modify arbitrary files on the host are not sufficient for the granting of classic confinement (as per Process for reviewing classic confinement snaps). Can you please be more specific on what exactly your snap needs to access / modify on the host as I suspect system-files or another interface may allow you to achieve this. Thanks.

Hi, it needs to access
/etc/lvm/backup/* //The lvm configure files
/dev/[sdx|fdx|hdx|nvme??] //The disk/partition device for reading/modifying/fixing lvm information
In fact it must run as root.

for the latter one there are already existing interfaces like raw-volume, block-device, mount-observe and probably also hardware-observe and system-observe … try running in strict confinement with the snappy-debug tool from the snappy-debug snap running in a second terminal to see where the roadblocks are.

together with the use of system-files to read the files in /etc/lvm* that should get you going with strict confinement … perhaps some of the above interfaces might need enhancement though …

Hi ogra,
I write a test snap with followed config

name: my-test
version: ‘1.1’
summary: Single-line elevator pitch for your amazing snap
description: ‘This is a test snap’

grade: stable
confinement: strict

plugs:

  • lvm-info:*
  • interface: system-files*
  • read:*
    • /etc/**
  • write:*
    • /etc/**

parts:

  • my-test:*
  • See ‘snapcraft plugins’*

  • plugin: dump*
    apps:
  • ver:*
  • command: bin/ver*
  • show:*
  • command: bin/show*
  • test:*
  • plugs:*
  •  - lvm-info*
    
  • command: bin/test $1 $2 $3*

and the command test is :
#!/bin/bash
if [ “$1” == “read” ]; then
cat $2
fi

if [ “$1” == “write” ]; then
echo heheh >$2
fi

when I install the snap, it shows:
2021-07-27T18:22:05+08:00 INFO snap “test-common” has bad plugs or slots: lvm-info (cannot add system-files plug: “/etc/" contains a reserved apparmor char from
?
[]{}^”)

i don’t think you can use globing (*) in the interface path at the system-files definition, put the full path into the write block instead, delete the read block (write implies read) and name the interface like the actual file path like:

plugs:
  etc-lvm-backup:
    interface: system-files
    write:
      - /etc/lvm/backup

then, in your apps: declaration you use etc-lvm-backup in the plugs: section …

(also, make sure to put three backticks ``` at the lines above and below text you paste in a post, that way the formatting persists)

1 Like

I Modify as your advise, still access denied. :frowning:

the snapcraft.ymal:
name: my-test
version: ‘4.1’
summary: Single-line elevator pitch for your amazing snap
description: ‘This is a test snap’

grade: stable
confinement: strict

plugs:
etc-lvm-backup:
interface: system-files
write:
- /etc/lvm/backup

parts:
my-test:
# See ‘snapcraft plugins’
plugin: dump
apps:
ver:
command: bin/ver
show:
command: bin/show
test:
plugs:
- etc-lvm-backup
command: bin/test $1 $2 $3

bin/test:
#!/bin/bash
if [ “$1” == “read” ]; then
cat $2
fi

if [ “$1” == “write” ]; then
echo heheh >$2
fi

run result:
my-test.test write /etc/lvm/backup/test
/snap/test-common/x1/bin/test: line 7: /etc/lvm/backup/test: Permission denied

did you connect the interface with sudo snap connect ... ?

Oops, I forget it! And it works!
Thank you!
and another question : how to know what interface(s) needed by a snap?
Thank you again!

1 Like

you do snap install snappy-debug and run the snappy-debug command from it in a second terminal while running your application, the output from it should give you some hints about missing interfaces …

Sorry, I mean that how does the user know?

Thanks!

the user does not know, you could use a wrapper script that uses “snapctl is-connected …” to check if the interface is connected and show a message in case it is not …

you can also try to ask for auto-connection of the plugs at install time (just change the topic of this thread to become an auto-connection request), note though that for system-files plugs your app needs to be the clear owner of the dir/file the plug permits to get auto connection granted …

@weLees - can you please update this thread on the status for visual-lvm? It would appear from the discussion above that you may have got it working under strict confinement - can you confirm? Thanks.

We are trying to let it works in strict confinement, but more time needed.

Finally we’ve transfer it to strict mode.
How to update the status?

There is nothing you need to do - thanks for confirming it is working with strict confinement, I will consider this request for classic confinement closed then as it is no longer necessary.