Snap service access to files under /root?


#1

AFAICT:

  • Snap services are currently run as root but with enforced security confinement
  • The home interface grants regular files access to the running user’s $HOME

However when I made a daemon snap access /root I got an audit error:

audit: type=1400 audit(1555830781.214:701): apparmor="DENIED" operation="open" profile="snap.uhttpd.uhttpd" name="/root/test_uhttpd/" pid=21300 comm="uhttpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

Is it possible to allow file access under the /root directory to snap daemons?


#2

Snaps have access under /root with the home interface too. Have you tried connecting it?