Hi all,
I am in the process of creating a snap for sos, which is a tool that is typically used for support organisations within Canonical and RedHat and others.
In this particular scenario, we want the snap to be strictly confined so that we can potentially push this to Ubunto Core.
My current progress is here, https://github.com/arif-ali/sos/commit/5aed2286535d58d30d319d5c4c0f76f1a3b6f0be, this allows me to create the snap, and install without a problem (I have gone through an iterative process of taking things out of the equation)
When running the command, I get the following error
$ sudo sos report
Could not initialize 'report': [Errno 13] Permission denied: 'timeout'
This is pointing to https://github.com/sosreport/sos/blob/master/sos/utilities.py#L133 part of the sos code. So the timeout command is hardcoded.
Running snappy-debug
gives me the following details on the issue.
= AppArmor =
Time: Jul 16 14:31:32
Log: apparmor="DENIED" operation="exec" profile="snap.sos.sosreport" name="/usr/bin/timeout" pid=599219 comm="python3" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
File: /usr/bin/timeout (exec)
Suggestions:
* adjust snap to ship 'timeout'
* adjust program to use relative paths if the snap already ships 'timeout'
What I have tried to rectify this, but without any success
- Update the code to use the full path
- Update the code to the the full path from the core20 snap
- Tried adding
coreutils
understage-packages
, but ascoreutils
is already part of thecore20
snap, the build does not install this, and hence thetimeout
command doesn’t get packaged within thesos
snap
What I would like to understand is how we can try to get over this hurdle, and get this working? without actually changing the sos code.