Snapctl model command seems to require extra permissions


While debugging an issue with a snap, I noticed that the snapctl model command with a snap context does not run without any enhanced permissions.

I haven’t done much testing, but it seems to work fine in a snap with snapd-control interface at least.

Without it, I get the following type of error:

error: error running snapctl: insufficient permissions to get model assertion for snap {blah}

If extra interfaces are required, perhaps the docs should be updated to indicate that, as it doesn’t seem clear from the page here: Using the snapctl tool | Snapcraft documentation

Is the requirement of an extra interface expected ?

Cheers, Just



The model is owned by brand store and protected accordingly which is why the model command requires one of the following permissions criteria should be met:

  1. The requesting snap must be a gadget OR
  2. Come from the same brand as the device model assertion OR
  3. Have the snapd-control plug

→ I have requested for the documentation to be improved.

I’ll just leave this issue for reference here in case anyone stumbles upon this thread working out why Frame doesn’t autostart:

TL;DR: in custom Core images you should set daemon: true in your gadget for any affected snaps.

Great to finally get an explanation - thanks very much :+1:

I have requested for the documentation to be improved

That would be really useful, thanks.

Cheers, Just