I’m having trouble with developing a custom interface for my app, and I realize that the seccomp profile for my snap is not being recompiled after editing the respective *.src file.
I’m running into this error from snappy-debug:
= Seccomp =
Time: Apr 21 01:57:13
Log: auid=4294967295 uid=0 gid=0 ses=4294967295 pid=37063 comm="5" exe=2F6D656D66643A6767635F636C6F6E65643A2F70726F632F73656C662F657865202864656C6574656429 sig=0 arch=c000003e 260(fchownat) compat=0 ip=0x4b975a code=0x50000
Syscall: fchownat
Suggestions:
* don't copy ownership of files (eg, use 'cp -r --preserve=mode' instead of 'cp -a')
* try the snapcraft preload plugin: https://github.com/sergiusens/snapcraft-preload
* adjust program to not use 'fchownat'
* ignore the denial if the program otherwise works correctly (unconditial chown is often just noise)
Separately, my app’s daemon logs show this error:
... failed to chown /var/snap/<snapname>/current/<filepath> to uid/gid owner 111/118: lchown /var/snap/<snapname>/current/<filepath>: operation not permitted
I tried adding filters like fchownat and fchownat - - u:my_user g:my_group (my_user is a user that I expect to exist on the host system) to seccomp, but neither works. I suspected that the *.src seccomp profile wasn’t being compiled to .bin, so I removed .bin. The result was that my daemon hangs when I try to run. I can’t even shell into it using snap run --shell mysnap. Presumably, this is because the *.bin binary wasn’t recompiled.
How do I force the profile to be recompiled?
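Reading the denial quoted in the post, as an added example that is not part of the original post: this Python sketch parses the snappy-debug `Log:` line, decodes the hex-encoded `exe` field, and maps `arch` and `code` to their kernel names. The function names are hypothetical; the numeric constants are taken from the Linux UAPI headers (`linux/seccomp.h`, `linux/audit.h`).

```python
import re

# Constants from the Linux UAPI headers (linux/seccomp.h, linux/audit.h).
SECCOMP_RET_ACTION_FULL = 0xFFFF0000
SECCOMP_ACTIONS = {
    0x80000000: "KILL_PROCESS",
    0x00000000: "KILL_THREAD",
    0x00030000: "TRAP",
    0x00050000: "ERRNO",
    0x7FC00000: "USER_NOTIF",
    0x7FF00000: "TRACE",
    0x7FFC0000: "LOG",
    0x7FFF0000: "ALLOW",
}
AUDIT_ARCHES = {0xC000003E: "x86_64", 0x40000003: "i386", 0xC00000B7: "aarch64"}
UNSET_ID = 4294967295  # (uid_t)-1: no login uid or session attached

# The log line from the post, copied unchanged.
SAMPLE = (
    'auid=4294967295 uid=0 gid=0 ses=4294967295 pid=37063 comm="5" '
    "exe=2F6D656D66643A6767635F636C6F6E65643A2F70726F632F73656C662F"
    "657865202864656C6574656429 sig=0 arch=c000003e 260(fchownat) "
    "compat=0 ip=0x4b975a code=0x50000"
)

def decode_audit_string(value):
    """Audit prints untrusted strings either quoted or as bare hex."""
    if value.startswith('"'):
        return value.strip('"')
    if re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", value):
        return bytes.fromhex(value).decode("utf-8", errors="replace")
    return value

def parse_seccomp_denial(line):
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))
    # snappy-debug rewrites syscall=NR as "NR(name)", so it has no key.
    nr, name = re.search(r"\b(\d+)\((\w+)\)", line).groups()
    code = int(fields["code"], 16)
    auid = int(fields["auid"])
    return {
        "exe": decode_audit_string(fields["exe"]),
        "comm": decode_audit_string(fields["comm"]),
        "arch": AUDIT_ARCHES.get(int(fields["arch"], 16), fields["arch"]),
        "syscall": (int(nr), name),
        "action": SECCOMP_ACTIONS.get(code & SECCOMP_RET_ACTION_FULL, hex(code)),
        "login_uid": None if auid == UNSET_ID else auid,
        "uid": int(fields["uid"]),
    }

if __name__ == "__main__":
    for key, value in parse_seccomp_denial(SAMPLE).items():
        print(f"{key}: {value}")
```

On the sample line, the `exe` field decodes to a memfd copy of `/proc/self/exe`, and `code=0x50000` is the `ERRNO` action: the filter made the syscall return an error rather than killing the process.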