First fix the HOME for fotoxx. Add this
apps:
fotoxx:
environment:
HOME: $SNAP_USER_COMMON
To solve these you will need to connect some interfaces, please install the snappy-debug snap and run it alongside your app, it will tell you about any additional interface plugs you should add
It would be a problem asking Fotoxx users to reorganize their image collections to fit snap restrictions. I don’t know how these folders are named, within $HOME or outside. It shoould be possible for users to designate their image folders, as presently. Fotoxx does use the GTK3 file open dialog, but in my last snap attempt it was not allowing access outside the snap app’s private $HOME. $HOME/.fotoxx is for user settings and other data. That need not change. It is the image folder(s) in other places that is problematic.
I will add the missing stage packages for outboard programs. These are optional and are not preventing Fotoxx from working.
I would more than happy to give you the source tarball and let you try to find the magic recipe. You can get it from my download page: https://kornelix.net/downloads/downloads/fotoxx-23.74-source.tar.gz
Will make this and above changes and report back.
Are you the upstream of fotoxx? Just curious to know 
Just to confirm, there’s two GTK3 file open classes, the one you need to use to be able to view arbitrary files on the system is https://docs.gtk.org/gtk3/class.FileChooserNative.html - there’s a seperate FileChooser which would not work with the Portals mechanism. The native class is a subset of the normal class, so there’s some functionality loss if you’re using the full range of whats available in the original class, but most applications would be fine with the native class. (And in latest GTK4, the equivilent class is now default iirc).
Also, you might want to consider adding the removable-media interface. This interface grants the snap access to all of /mnt and /media. This doesn’t require approval to submit, but doesn’t connect automatically. You would be able and likely to be granted an autoconnection exception though by virtue of being a media editor.
(I.E you’d need to use sudo snap connect fotoxx:removable-media unless/until the store override does this automatically)
This means in general for a strict snap in a position similar to yours, you’d be able to expect:
- Access to files in
$HOME, unless they’re in a top level hidden directory. (Not including$HOME/.fotoxx, personal files can deal with that) - Access to files in /mnt and /media, provided connection is done either manually or via override.
- Access to arbitrary other files/folders depending upon the file chooser implementation, which can theoretically access any location on the system (regular permissions aside).
- In the future, snap is looking to support the user selectively granting access too, which would help further. But the 3 above should cover a vast majority of typical use.
Thanks. I will implement the other file chooser as recommended. IIUYC this will allow users to select any folder (containing image files). This looks more general and would include removable media. Would the user have to do this at each app startup, or can the folders outside $HOME remain accessible once the user says so? (possibly needing the app to remember settings)
Latest results.
Build works and program starts.
Access to $HOME files works. Outside $HOME: no access.
libchamplain (internet map service) does not work.
snappy-debug does nothing
$ snappy-debug waits for terminal input
$ snappy-debug fotoxx same happens
below:
1. current snapcraft.yaml
2. build log
3. program startup - log file
===================================================================================
name: fotoxx
version: '23.76'
summary: Edit photos and manage a large collection
description: |
Navigate folders in a large image collection using a thumbnail browser.
View and edit image files (RAW, jpeg, png, tiff ...). Zoom/pan/scroll.
Internal editing uses 24 bits per color, output is 8 or 16 bits.
Fotoxx has extensive tools for edit, repair, enhance, special effects.
View image updates interactively as edits are made, usually < 1 second.
Undo and redo within an edit function and across multiple functions.
File versioning: save and recall multiple edit stages, before/after.
Select image features or areas to edit separately from background.
Copy and paste area selections within and across images.
Combine functions: HDR, HDF, panorama, stack, images/text mashup.
Metadata edit and report: tags, captions, dates, locations ...
Search images using folder/file names and any metadata (wildcards too).
Albums: select images and arrange their order using thumbnail drags.
Albums can be automatically updated when underlying images are edited.
Slide Show with animated transitions, text, and image pan/zoom.
Scalable world map with location markers - click for thumbnail gallery.
Batch functions: convert, resize, upright, move, add/revise metatata.
User Guide (English) describes all functionality in great detail.
grade: stable
confinement: strict # classic conflicts with gnome extension
base: core22
compression: lzo
parts:
fotoxx:
plugin: make
source-type: tar
source: fotoxx-23.76-source.tar.gz
build-packages:
- libchamplain-0.12-dev # not included in gnome extension
- libchamplain-gtk-0.12-dev
stage-packages:
- libchamplain-0.12-0
- libchamplain-gtk-0.12-0
- xdg-utils # outboard programs
- x11-utils
- binutils
- dcraw
- libimage-exiftool-perl
- ffmpeg
- webp
- libheif-examples
- libopenjp2-tools
- vlc
apps:
fotoxx:
environment:
HOME: $SNAP_USER_COMMON # snap $HOME = user $HOME
command: usr/bin/fotoxx
plugs: [home]
extensions: [gnome]
# install: $ sudo snap install fotoxx_23.76_amd64.snap --dangerous
=================================================================================
fotoxx-snapcraft $: snapcraft clean
Cleaned build provider
fotoxx-snapcraft $: snapcraft
Launching instance...
Executed: pull fotoxx
Executed: pull gnome/sdk
Executed: build fotoxx
Executed: build gnome/sdk
Executed: stage fotoxx
Executed: stage gnome/sdk
Executed: prime fotoxx
Executed: prime gnome/sdk
Executed parts lifecycle
Generated snap metadata
Unable to determine library dependencies for 'usr/lib/x86_64-linux-gnu/libpocketsphinx.so.3.0.0'
Unable to determine library dependencies for 'usr/lib/x86_64-linux-gnu/libsphinxad.so.3.0.0'
Lint warnings:
- library: libhardsid-builder.so.0: unused library 'usr/lib/libhardsid-builder.so.0.0.1'. (https://snapcraft.io/docs/linters-library)
- library: libEGL_mesa.so.0: unused library 'usr/lib/x86_64-linux-gnu/libEGL_mesa.so.0.0.0'. (https://snapcraft.io/docs/linters-library)
- library: libGLX_mesa.so.0: unused library 'usr/lib/x86_64-linux-gnu/libGLX_mesa.so.0.0.0'. (https://snapcraft.io/docs/linters-library)
- library: libcaca++.so.0: unused library 'usr/lib/x86_64-linux-gnu/libcaca++.so.0.99.19'. (https://snapcraft.io/docs/linters-library)
- library: libcolordprivate.so.2: unused library 'usr/lib/x86_64-linux-gnu/libcolordprivate.so.2.0.5'. (https://snapcraft.io/docs/linters-library)
- library: libdconf.so.1: unused library 'usr/lib/x86_64-linux-gnu/libdconf.so.1.0.0'. (https://snapcraft.io/docs/linters-library)
- library: libfaad_drm.so.2: unused library 'usr/lib/x86_64-linux-gnu/libfaad_drm.so.2.0.0'. (https://snapcraft.io/docs/linters-library)
- library: libflite_cmu_grapheme_lang.so.1: unused library 'usr/lib/x86_64-linux-gnu/libflite_cmu_grapheme_lang.so.2.2'. (https://snapcraft.io/docs/linters-library)
- library: libflite_cmu_grapheme_lex.so.1: unused library 'usr/lib/x86_64-linux-gnu/libflite_cmu_grapheme_lex.so.2.2'. (https://snapcraft.io/docs/linters-library)
- library: libflite_cmu_indic_lex.so.1: unused library 'usr/lib/x86_64-linux-gnu/libflite_cmu_indic_lex.so.2.2'. (https://snapcraft.io/docs/linters-library)
- library: libflite_cmu_time_awb.so.1: unused library 'usr/lib/x86_64-linux-gnu/libflite_cmu_time_awb.so.2.2'. (https://snapcraft.io/docs/linters-library)
- library: libicuio.so.70: unused library 'usr/lib/x86_64-linux-gnu/libicuio.so.70.1'. (https://snapcraft.io/docs/linters-library)
- library: libicutest.so.70: unused library 'usr/lib/x86_64-linux-gnu/libicutest.so.70.1'. (https://snapcraft.io/docs/linters-library)
- library: libjacknet.so.0: unused library 'usr/lib/x86_64-linux-gnu/libjacknet.so.0.1.0'. (https://snapcraft.io/docs/linters-library)
- library: libjackserver.so.0: unused library 'usr/lib/x86_64-linux-gnu/libjackserver.so.0.1.0'. (https://snapcraft.io/docs/linters-library)
- library: liblua5.2-c++.so.0: unused library 'usr/lib/x86_64-linux-gnu/liblua5.2-c++.so.0.0.0'. (https://snapcraft.io/docs/linters-library)
- library: libmfx-tracer.so.1: unused library 'usr/lib/x86_64-linux-gnu/libmfx-tracer.so.1.35'. (https://snapcraft.io/docs/linters-library)
- library: libmfxhw64.so.1: unused library 'usr/lib/x86_64-linux-gnu/libmfxhw64.so.1.35'. (https://snapcraft.io/docs/linters-library)
- library: libmpeg2convert.so.0: unused library 'usr/lib/x86_64-linux-gnu/libmpeg2convert.so.0.0.0'. (https://snapcraft.io/docs/linters-library)
- library: libsphinxad.so.3: unused library 'usr/lib/x86_64-linux-gnu/libsphinxad.so.3.0.0'. (https://snapcraft.io/docs/linters-library)
- library: libzvbi-chains.so.0: unused library 'usr/lib/x86_64-linux-gnu/libzvbi-chains.so.0.0.0'. (https://snapcraft.io/docs/linters-library)
Created snap package fotoxx_23.76_amd64.snap
fotoxx-snapcraft $: sudo snap install fotoxx_23.76_amd64.snap --dangerous
fotoxx 23.76 installed
=================================================================================
fotoxx-snapcraft $: fotoxx
command: /snap/fotoxx/x43/usr/bin/fotoxx
fotoxx-23.76
program exe: /snap/fotoxx/x43/usr/bin/fotoxx
build date/time: Nov 10 2023 12:41:34
fotoxx home: /home/mico/snap/fotoxx/common/.fotoxx
-------------------------------------------
start fotoxx Fri Nov 10 13:50:28
Gtk-Message: 13:50:28.537: Not loading module "atk-bridge": The functionality is provided by GTK natively. Please try to not load it.
(fotoxx:115798): Gtk-WARNING **: 13:50:28.572: GTK+ module /snap/fotoxx/x43/gnome-platform/usr/lib/gtk-2.0/modules/libcanberra-gtk-module.so cannot be loaded.
GTK+ 2.x symbols detected. Using GTK+ 2.x and GTK+ 3 in the same process is not supported.
Gtk-Message: 13:50:28.572: Failed to load module "canberra-gtk-module"
(fotoxx:115798): Gtk-WARNING **: 13:50:28.573: GTK+ module /snap/fotoxx/x43/gnome-platform/usr/lib/gtk-2.0/modules/libcanberra-gtk-module.so cannot be loaded.
GTK+ 2.x symbols detected. Using GTK+ 2.x and GTK+ 3 in the same process is not supported.
Gtk-Message: 13:50:28.573: Failed to load module "canberra-gtk-module"
GTK version: 3.24.33
No such schema “org.gnome.mutter”
zshell: gsettings set org.gnome.mutter check-alive-timeout 10000
zshell error: Operation not permitted
sh: 1: pidof: Permission denied
temp files: /home/mico/snap/fotoxx/common/.fotoxx/temp/temp-115798
file maps not installed
load_params()
m_viewmode F
free real memory: 29599 MB
image size limits for reasonable performance:
view: 4767 megapixels edit: 447 megapixels
sh: 1: lscpu: Permission denied
using SMP thread count: 4
screen width: 3840 height: 2160
top image folders:
/home/mico/images/fotoxx-test
/home/mico/images/gallery
sh: 1: df: Permission denied
free disk space: 0 GB
thumbnails folder: /home/mico/snap/fotoxx/common/.fotoxx/thumbnails
full image index: reports will be complete
dialog started: build index
image index records found: 2207
image files found: 2207
index updates needed: 0 thumbnails: 1
ffmpeg: error while loading shared libraries: libblas.so.3: cannot open shared object file: No such file or directory
zshell: ffmpeg -ss 1 -i "/home/mico/images/gallery/2018.10 Hurricane Michael.mp4" -v 8 -frames 1 -y /home/mico/snap/fotoxx/common/.fotoxx/temp/temp-115798/framefile-140550380447296.jpg
zshell error: Key has expired
ffmpeg cannot get video frame: /home/mico/images/gallery/2018.10 Hurricane Michael.mp4 Key has expired
update_thumbfile() failure: /home/mico/images/gallery/2018.10 Hurricane Michael.mp4
index updates: 0 thumbnail updates: 1, deletes: 0
writing updated image index file
all image files, including unmounted folders: 2207
after removal of missing and blacklisted: 2207
Image files: 2184 4.6 GB RAW files: 23 0.6 GB
thumbnails found: 2206
thumbnails deleted: 0
index time: 0.2 seconds
save_params()
Can't locate Image/ExifTool.pm in @INC (you may need to install the Image::ExifTool module) (@INC contains: /snap/fotoxx/x43/usr/bin/lib /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.34.0 /usr/local/share/perl/5.34.0 /usr/lib/x86_64-linux-gnu/perl5/5.34 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl-base /usr/lib/x86_64-linux-gnu/perl/5.34 /usr/share/perl/5.34 /usr/local/lib/site_perl) at /snap/fotoxx/x43/usr/bin/exiftool line 39.
BEGIN failed--compilation aborted at /snap/fotoxx/x43/usr/bin/exiftool line 39.
m_viewmode F
start gallery: /home/mico/images/fotoxx-test
start file: /home/mico/images/fotoxx-test/2020.10 computer art.jpg
startup time: 1.1 secs.
main window delete event
m_quit
Quit Fotoxx
save_params()
zexit: Fotoxx exit
KilledGiven the errors in your app output this is surprising… are you running snappy-debug alongside the execution of your app in a terminal in the same session and at the same time ?
If your app hits and/or tries to exceed any sandbox boundaries while running snappy-debug should give you hints how to solve them…
Add this to your snap too in apps.environment
DISABLE_WAYLAND: 1
This app doesn’t work in Wayland.
The user home is actually $SNAP_REAL_HOME
The exact mechanism is that the portals effectively change the path your app sees, so if the user accesses say, /foo/bar, the file (or folder) will show to your app in /run/user/$UID/docs. From the perspective of your app, anything that isn’t in covered by the home interface would magically be there instead.
The access once in there is persistent, so you’d be able to rely on a user selecting a folder and that folder being remembered. What may cause problems is if the user sees the path being something that they might not expect. But importantly, whilst it looks like the file/folder has two different paths, they are infact the same file/folder, and changes to one are instant across both paths. (basically a fancy symlink/bindmount).
I’d still personally throw the removable-media interface into your plugs, although possibly not ask for auto-connection if you’re satisfied you don’t need it. Whilst the vast majority of people will have working portal support, there might be edge cases where the portals don’t work so the GUI file picker would still be restricted by the sandboxing (how it currently is since you’re not using the Native class), and those edge case users would be able to manually connect that interface if they need to.
Actually it’s the place to keep the config file of the app. So, I suggested that.
1 Like
@mkornelix This can be a very good starting point
name: fotoxx
base: core22
adopt-info: fotoxx
grade: stable
confinement: strict
parts:
fotoxx:
plugin: make
source: https://kornelix.net/downloads/downloads/fotoxx-23.74-source.tar.gz
build-packages:
- libchamplain-gtk-0.12-dev
override-pull: |
craftctl default
sed -i 's/<release> version="\([^"]*\)" <\/release>/<release version="\1"> <\/release>/' metainfo/kornelix.fotoxx.metainfo.xml
prime:
- -usr/share/man
parse-info:
- usr/share/metainfo/kornelix.fotoxx.metainfo.xml
deps:
plugin: nil
stage-packages:
- libchamplain-gtk-0.12-0
- libimage-exiftool-perl
- dcraw
- binutils
- webp
- libheif-examples
- libopenjp2-tools
prime:
- usr/bin/dccleancrw
- usr/bin/dcfujigreen
- usr/bin/dcfujiturn
- usr/bin/dcfujiturn16
- usr/bin/dcparse
- usr/bin/dcraw
- usr/bin/addr2line
- usr/bin/dwebp
- usr/bin/heif-convert
- usr/lib/*/libheif.so.1
- usr/lib/*/libheif.so.1.12.0
- usr/bin/opj_decompress
- usr/bin/exiftool
- usr/bin/lib/*
- usr/lib/*/libchamplain-gtk-0.12.so.0
- usr/lib/*/libchamplain-gtk-0.12.so.0.11.10
- usr/lib/*/libchamplain-0.12.so.0
- usr/lib/*/libchamplain-0.12.so.0.11.10
organize:
usr/share/perl5: usr/bin/lib
plugs:
ffmpeg-2204:
interface: content
target: ffmpeg-platform
default-provider: ffmpeg-2204
apps:
fotoxx:
command: usr/bin/fotoxx
desktop: usr/share/applications/fotoxx.desktop
environment:
HOME: $SNAP_USER_COMMON
DISABLE_WAYLAND: 1
PATH: $SNAP/ffmpeg-platform/usr/bin:$PATH
LD_LIBRARY_PATH: $SNAP/ffmpeg-platform/usr/lib/$CRAFT_ARCH_TRIPLET:$LD_LIBRARY_PATH
extensions:
- gnome
plugs:
- home
- removable-media
Yes I am the main author of Fotoxx. I own the website kornelix.net where source code published. Mike Cornelison
The above manifest can help you go further
There is a reason why HOME points to $SNAP_USER_DATA by default… namely to put config files of apps into a dir tied to the binary version of the app, to prevent breakage on snap revert when there are incompatible changes in config files …
forcefully pushing HOME from the default SNAP_USER_DATA to SNAP_USER_COMMON breaks that feature of snaps … the common dir should only be used for version independent data like caches, themes or databases…
1 Like
It just hardcodes the path. That’s the reason why @mkornelix thought that he’d need personal files to access $HOME/.fotoxx folder, which actually pointed the previous revisions.
Reset and start over using soumyaDghosh rewrite of the snapcraft.yaml
name: fotoxx
summary: Edit photos and manage a large collection
description: |
Navigate folders in a large image collection using a thumbnail browser.
base: core22
adopt-info: fotoxx
grade: stable
confinement: strict
parts:
fotoxx:
plugin: make
source: https://kornelix.net/downloads/downloads/fotoxx-23.74-source.tar.gz
build-packages:
- libchamplain-gtk-0.12-dev
override-pull: |
craftctl default
sed -i 's/<release> version="\([^"]*\)" <\/release>/<release version="\1"> <\/release>/' metainfo/kornelix.fotoxx.metainfo.xml
prime:
- -usr/share/man
parse-info:
- usr/share/metainfo/kornelix.fotoxx.metainfo.xml
deps:
plugin: nil
stage-packages:
- libchamplain-gtk-0.12-0
- libimage-exiftool-perl
- dcraw
- binutils
- webp
- libheif-examples
- libopenjp2-tools
prime:
- usr/bin/dccleancrw
- usr/bin/dcfujigreen
- usr/bin/dcfujiturn
- usr/bin/dcfujiturn16
- usr/bin/dcparse
- usr/bin/dcraw
- usr/bin/addr2line
- usr/bin/dwebp
- usr/bin/heif-convert
- usr/lib/*/libheif.so.1
- usr/lib/*/libheif.so.1.12.0
- usr/bin/opj_decompress
- usr/bin/exiftool
- usr/bin/lib/*
- usr/lib/*/libchamplain-gtk-0.12.so.0
- usr/lib/*/libchamplain-gtk-0.12.so.0.11.10
- usr/lib/*/libchamplain-0.12.so.0
- usr/lib/*/libchamplain-0.12.so.0.11.10
organize:
usr/share/perl5: usr/bin/lib
plugs:
ffmpeg-2204:
interface: content
target: ffmpeg-platform
default-provider: ffmpeg-2204
apps:
fotoxx:
command: usr/bin/fotoxx
desktop: usr/share/applications/fotoxx.desktop
environment:
HOME: $SNAP_USER_COMMON
DISABLE_WAYLAND: 1
PATH: $SNAP/ffmpeg-platform/usr/bin:$PATH
LD_LIBRARY_PATH: $SNAP/ffmpeg-platform/usr/lib/$CRAFT_ARCH_TRIPLET:$LD_LIBRARY_PATH
extensions:
- gnome
plugs:
- home
- removable-media
=================================================================================
Fotoxx log file
-------------------
fotoxx-snapcraft $: fotoxx
command: /snap/fotoxx/x44/usr/bin/fotoxx
fotoxx-23.76
program exe: /snap/fotoxx/x44/usr/bin/fotoxx
build date/time: Nov 11 2023 09:02:55
fotoxx home: /home/mico/snap/fotoxx/common/.fotoxx
-------------------------------------------
start fotoxx Sat Nov 11 10:39:01
Gtk-Message: 10:39:01.777: Not loading module "atk-bridge": The functionality is provided by GTK natively. Please try to not load it.
(fotoxx:123477): Gtk-WARNING **: 10:39:01.812: GTK+ module /snap/fotoxx/x44/gnome-platform/usr/lib/gtk-2.0/modules/libcanberra-gtk-module.so cannot be loaded.
GTK+ 2.x symbols detected. Using GTK+ 2.x and GTK+ 3 in the same process is not supported.
Gtk-Message: 10:39:01.812: Failed to load module "canberra-gtk-module"
(fotoxx:123477): Gtk-WARNING **: 10:39:01.813: GTK+ module /snap/fotoxx/x44/gnome-platform/usr/lib/gtk-2.0/modules/libcanberra-gtk-module.so cannot be loaded.
GTK+ 2.x symbols detected. Using GTK+ 2.x and GTK+ 3 in the same process is not supported.
Gtk-Message: 10:39:01.813: Failed to load module "canberra-gtk-module"
GTK version: 3.24.33
No such schema “org.gnome.mutter”
zshell: gsettings set org.gnome.mutter check-alive-timeout 10000
zshell error: Operation not permitted
sh: 1: pidof: Permission denied
temp files: /home/mico/snap/fotoxx/common/.fotoxx/temp/temp-123477
file maps not installed
load_params()
m_viewmode F
free real memory: 29505 MB
image size limits for reasonable performance:
view: 4751 megapixels edit: 445 megapixels
sh: 1: lscpu: Permission denied
using SMP thread count: 4
screen width: 3840 height: 2160
top image folders:
/home/mico/images/gallery
/home/mico/images/space
sh: 1: df: Permission denied
free disk space: 0 GB
thumbnails folder: /home/mico/snap/fotoxx/common/.fotoxx/thumbnails
full image index: reports will be complete
dialog started: build index
image index records found: 3744
image files found: 3744
index updates needed: 0 thumbnails: 1
ffmpeg: error while loading shared libraries: libblas.so.3: cannot open shared object file: No such file or directory
zshell: ffmpeg -ss 1 -i "/home/mico/images/gallery/2018.10 Hurricane Michael.mp4" -v 8 -frames 1 -y /home/mico/snap/fotoxx/common/.fotoxx/temp/temp-123477/framefile-140669213460032.jpg
zshell error: Key has expired
ffmpeg cannot get video frame: /home/mico/images/gallery/2018.10 Hurricane Michael.mp4 Key has expired
update_thumbfile() failure: /home/mico/images/gallery/2018.10 Hurricane Michael.mp4
index updates: 0 thumbnail updates: 1, deletes: 0
writing updated image index file
all image files, including unmounted folders: 3744
after removal of missing and blacklisted: 3744
Image files: 3743 7.9 GB RAW files: 1 0.0 GB
thumbnails found: 3743
thumbnails deleted: 0
index time: 0.2 seconds
save_params()
Can't locate Image/ExifTool.pm in @INC (you may need to install the Image::ExifTool module) (@INC contains: /snap/fotoxx/x44/usr/bin/lib /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.34.0 /usr/local/share/perl/5.34.0 /usr/lib/x86_64-linux-gnu/perl5/5.34 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl-base /usr/lib/x86_64-linux-gnu/perl/5.34 /usr/share/perl/5.34 /usr/local/lib/site_perl) at /snap/fotoxx/x44/usr/bin/exiftool line 39.
BEGIN failed--compilation aborted at /snap/fotoxx/x44/usr/bin/exiftool line 39.
m_viewmode F
start gallery: /home/mico/images/gallery
start file: /home/mico/images/gallery/01_BUGATTI_Motion.v01.png
startup time: 1.1 secs.
m_viewmode W
m_load_netmap
total image geolocations: 1
main window delete event
m_quit
Quit Fotoxx
save_params()
zexit: Fotoxx exit
Killed
========================================================================================
snappy-debug output
--------------------------
mico $: snappy-debug
INFO: Following '/var/log/syslog'. If have dropped messages, use:
INFO: $ sudo journalctl --output=short --follow --all | sudo snappy-debug
= Seccomp =
Time: Nov 11 12:18:27
Log: auid=1000 uid=1000 gid=1000 ses=3 subj=snap.fotoxx.fotoxx pid=144437 comm="fotoxx" exe="/snap/fotoxx/x44/usr/bin/fotoxx" sig=0 arch=c000003e 203(sched_setaffinity) compat=0 ip=0x7f5dbf7105b1 code=0x50000
Syscall: sched_setaffinity
Suggestion:
* ignore the denial if the program otherwise works correctly (unconditional sched_setaffinity is often just noise)
= Seccomp =
Time: Nov 11 12:18:27
Log: auid=1000 uid=1000 gid=1000 ses=3 subj=snap.fotoxx.fotoxx pid=144437 comm="fotoxx" exe="/snap/fotoxx/x44/usr/bin/fotoxx" sig=0 arch=c000003e 141(setpriority) compat=0 ip=0x7f5dbf78f93b code=0x50000
Syscall: setpriority
Suggestion:
* ignore the denial if the program otherwise works correctly (unconditional setpriority is often just noise)
= AppArmor =
Time: Nov 11 12:18:27
Log: apparmor="DENIED" operation="exec" profile="snap.fotoxx.fotoxx" name="/usr/sbin/killall5" pid=144578 comm="sh" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
File: /usr/sbin/killall5 (exec)
Suggestions:
* adjust snap to ship 'killall5'
* adjust program to use relative paths if the snap already ships 'killall5'
= AppArmor =
Time: Nov 11 12:18:27
Log: apparmor="DENIED" operation="exec" profile="snap.fotoxx.fotoxx" name="/usr/bin/lscpu" pid=144597 comm="sh" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
File: /usr/bin/lscpu (exec)
Suggestions:
* adjust snap to ship 'lscpu'
* adjust program to use relative paths if the snap already ships 'lscpu'
* add one of 'hardware-observe' to 'plugs'
= AppArmor =
Time: Nov 11 12:18:27
Log: apparmor="DENIED" operation="exec" profile="snap.fotoxx.fotoxx" name="/usr/bin/df" pid=144618 comm="sh" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
File: /usr/bin/df (exec)
Suggestions:
* adjust snap to ship 'df'
* adjust program to use relative paths if the snap already ships 'df'
* add one of 'mount-observe' to 'plugs'
= AppArmor =
Time: Nov 11 12:18:31
Log: apparmor="DENIED" operation="open" profile="snap.fotoxx.fotoxx" name="/etc/ssl/certs/ca-certificates.crt" pid=144437 comm="fotoxx" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /etc/ssl/certs/ca-certificates.crt (read)
Suggestions:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'system-files (see https://forum.snapcraft.io/t/the-system-files-interface for acceptance criteria)' to 'plugs'
= AppArmor =
Time: Nov 11 12:18:55
Log: apparmor="DENIED" operation="exec" profile="snap.fotoxx.fotoxx" name="/usr/bin/df" pid=145608 comm="sh" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
File: /usr/bin/df (exec)
Suggestions:
* adjust snap to ship 'df'
* adjust program to use relative paths if the snap already ships 'df'
* add one of 'mount-observe' to 'plugs'
===================================================================================
RESULTS
+ no file access outside of $HOME (pending source change to alternate GTK file chooser)
+ exiftool cannot be accessed (system("exiftool...") or popen("exiftool ...","r")
+ internet map access does not work (libchamplain)
+ edit an image creates error "out of space" (temp file created in $HOME/.fotoxx/temp/)
debug log seems to say
+ sched_setaffinity() not allowed. This is to reduce jitter in animated outputs
+ setpriority() not allowed. I cannot find any such call in my code.
+ perfmon() not allowed. I cannot find any such call in my code.I looked at gtk_file_chooser_native_new(). Using this would lose the capability to show a thumbnail for the selected (clicked) file in the folder list. (unless I miss something).
This ‘native’ dialog is meant for non-Linux usage where the UI is handed off to the native file chooser dialog. Fotoxx is Linux only (also works in Windows WSL as a Linux app). Is there no way to continue with the present file chooser and let it choose any file the user has permissions for? Fotoxx of course does check that it is an image file before doing anything else.