Request classic mode for Visual LVM

Hi ogra,
I write a test snap with followed config

name: my-test
version: ‘1.1’
summary: Single-line elevator pitch for your amazing snap
description: ‘This is a test snap’

grade: stable
confinement: strict


  • lvm-info:*
  • interface: system-files*
  • read:*
    • /etc/**
  • write:*
    • /etc/**


  • my-test:*
  • See ‘snapcraft plugins’*

  • plugin: dump*
  • ver:*
  • command: bin/ver*
  • show:*
  • command: bin/show*
  • test:*
  • plugs:*
  •  - lvm-info*
  • command: bin/test $1 $2 $3*

and the command test is :
if [ “$1” == “read” ]; then
cat $2

if [ “$1” == “write” ]; then
echo heheh >$2

when I install the snap, it shows:
2021-07-27T18:22:05+08:00 INFO snap “test-common” has bad plugs or slots: lvm-info (cannot add system-files plug: “/etc/" contains a reserved apparmor char from

i don’t think you can use globing (*) in the interface path at the system-files definition, put the full path into the write block instead, delete the read block (write implies read) and name the interface like the actual file path like:

    interface: system-files
      - /etc/lvm/backup

then, in your apps: declaration you use etc-lvm-backup in the plugs: section …

(also, make sure to put three backticks ``` at the lines above and below text you paste in a post, that way the formatting persists)

1 Like

I Modify as your advise, still access denied. :frowning:

the snapcraft.ymal: name: my-test version: ‘4.1’ summary: Single-line elevator pitch for your amazing snap description: ‘This is a test snap’

grade: stable confinement: strict

plugs: etc-lvm-backup: interface: system-files write: - /etc/lvm/backup

parts: my-test: # See ‘snapcraft plugins’ plugin: dump apps: ver: command: bin/ver show: command: bin/show test: plugs: - etc-lvm-backup command: bin/test $1 $2 $3

bin/test: #!/bin/bash if [ “$1” == “read” ]; then cat $2 fi

if [ “$1” == “write” ]; then echo heheh >$2 fi

run result: my-test.test write /etc/lvm/backup/test /snap/test-common/x1/bin/test: line 7: /etc/lvm/backup/test: Permission denied

did you connect the interface with sudo snap connect ... ?

Oops, I forget it! And it works!
Thank you!
and another question : how to know what interface(s) needed by a snap?
Thank you again!

1 Like

you do snap install snappy-debug and run the snappy-debug command from it in a second terminal while running your application, the output from it should give you some hints about missing interfaces …

Sorry, I mean that how does the user know?


the user does not know, you could use a wrapper script that uses “snapctl is-connected …” to check if the interface is connected and show a message in case it is not …

you can also try to ask for auto-connection of the plugs at install time (just change the topic of this thread to become an auto-connection request), note though that for system-files plugs your app needs to be the clear owner of the dir/file the plug permits to get auto connection granted …

@weLees - can you please update this thread on the status for visual-lvm? It would appear from the discussion above that you may have got it working under strict confinement - can you confirm? Thanks.

We are trying to let it works in strict confinement, but more time needed.

Finally we’ve transfer it to strict mode.
How to update the status?

There is nothing you need to do - thanks for confirming it is working with strict confinement, I will consider this request for classic confinement closed then as it is no longer necessary.

Hi alexmurray, We have tried all methods to make visual-lvm-remote works on strict mode but failed. it needs to works with /dev/sdx, /proc/{@id}/mounts, seeks to implement all features. I have to request classic mode for visual-lvm-remote again. We can’t make it work in strict mode. T_T

As per the Process for reviewing classic confinement snaps, unfortunately the inability to get a snap working under strict confinement is not a sufficient precondition to be granted the use of classic confinement.

Not every application is able to be packaged as a strictly confined snap, and for those that are not, they must have a requirement for classic confinement as per that page - but again, this snap doesn’t seem to need to execute arbitrary binaries from the host or access things outside the snap’s runtime etc. Instead it would seem to need an interface that provides direct access to underlying disk devices. This does not currently exist but perhaps the block-devices interface which provides partition level access may be sufficient?

Also for /proc/$id/mounts you could try using mount-observe.


Hi alex, It seems that we can ignore the mount case now. But we’ve found the new case : My snap can not open /dev/mapper/control. It shows “Operation not permitted”.


It looks like it should be possible to access /dev/mapper/control by using the dm-crypt interface - next time can you try using snappy-debug which should automatically suggest such things. Thanks.


Hi Alex, Thansk for you reply. YES! IT WORKS! We are build the new package for review

Hi @isaac.clack , I believe the issue is solved. could you please confirm, so I can go ahead and remove this request from the queue? Thanks.

Hi @sahnaseredini , Visual LVM can run with strict mode now. But there is a problem yet. Could you help me ? The problem thread:

@isaac.clack since the discussion changed to Manual review request for Visual LVM 5.2 - #4 by isaac.clack, I am removing this classic request from our review queue. Thanks!