I am in the process of creating a snap for sos, which is a tool that is typically used for support organisations within Canonical and RedHat and others.
In this particular scenario, we want the snap to be strictly confined so that we can potentially push this to Ubunto Core.
My current progress is here, https://github.com/arif-ali/sos/commit/5aed2286535d58d30d319d5c4c0f76f1a3b6f0be, this allows me to create the snap, and install without a problem (I have gone through an iterative process of taking things out of the equation)
When running the command, I get the following error
$ sudo sos report Could not initialize 'report': [Errno 13] Permission denied: 'timeout'
This is pointing to https://github.com/sosreport/sos/blob/master/sos/utilities.py#L133 part of the sos code. So the timeout command is hardcoded.
snappy-debug gives me the following details on the issue.
= AppArmor = Time: Jul 16 14:31:32 Log: apparmor="DENIED" operation="exec" profile="snap.sos.sosreport" name="/usr/bin/timeout" pid=599219 comm="python3" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 File: /usr/bin/timeout (exec) Suggestions: * adjust snap to ship 'timeout' * adjust program to use relative paths if the snap already ships 'timeout'
What I have tried to rectify this, but without any success
- Update the code to use the full path
- Update the code to the the full path from the core20 snap
- Tried adding
stage-packages, but as
coreutilsis already part of the
core20snap, the build does not install this, and hence the
timeoutcommand doesn’t get packaged within the
What I would like to understand is how we can try to get over this hurdle, and get this working? without actually changing the sos code.