Snap using /usr/bin/snap fails

dparv · February 7, 2023, 12:25pm

Trying to build a snap that utilizes /usr/bin/snap to list currently installed snaps on the system and their channel/revision, trying with this layout:

layout: /usr/bin/snap: bind-file: $SNAP/usr/bin/snap

Installing the snap fails with:

Setup snap “exporter” (unset) security profiles (cannot update mount namespace of snap “exporter”: cannot update preserved namespace of snap “exporter”: cannot update snap namespace: no such file or directory)

Is there a specific plug to use for this? Tried classic confinement is the same error, although on classic I can successfully use snap command, but I would like to have the option to go to strict confined snap with this.

For reference in focal I can use /usr/bin/snap without any issues, even without the layout, on jammy+ I get ‘no such file snap’ when trying to run it from within the snap.

ogra · February 7, 2023, 12:56pm

you can not run the snap tool from inside a snap … to control snap commands you have to use the REST API that snapd provides through the snapd-control interface …

note tough that this interface is not being granted for snaps in the global store (since it means you can actually take over the users device) and is instead limited to be used in brand stores.