jocado
November 16, 2023, 10:34am
1
Hi,
While debugging an issue with a snap, I noticed that the snapctl model command with a snap context does not run without any enhanced permissions.
I haven’t done much testing, but it seems to work fine in a snap with snapd-control interface at least.
Without it, I get the following type of error:
error: error running snapctl: insufficient permissions to get model assertion for snap {blah}
If extra interfaces are required, perhaps the docs should be updated to indicate that, as it doesn’t seem clear from the page here: Using the snapctl tool | Snapcraft documentation
Is the requirement of an extra interface expected ?
Cheers,
Just
Hi
See: https://github.com/snapcore/snapd/master/overlord/hookstate/ctlcmd/model.go#L153-L176
The model is owned by brand store and protected accordingly which is why the model command requires one of the following permissions criteria should be met:
The requesting snap must be a gadget OR
Come from the same brand as the device model assertion OR
Have the snapd-control plug
→ I have requested for the documentation to be improved.
Saviq
January 8, 2024, 4:27pm
3
I’ll just leave this issue for reference here in case anyone stumbles upon this thread working out why Frame doesn’t autostart:
https://github.com/MirServer/ubuntu-frame/issues/161
TL;DR: in custom Core images you should set daemon: true in your gadget for any affected snaps.
jocado
January 8, 2024, 5:09pm
4
Great to finally get an explanation - thanks very much
I have requested for the documentation to be improved
That would be really useful, thanks.
Cheers,
Just
