Hello!
I built two applications using snapcraft(say snap1 and snap2) with confinement as devmode. snap1 is a simple daemon application which starts snap2(not a daemon) and both work normally. I’m developing for Dell Edge Gateway device with Ubuntu core-16 on it.
Now for security purpose I have to change the confinement of both these snaps to strict confinement and build again. But after this modification,
- snap1 is unable to start snap2.
- snap2 is unable to open port or read data from serial-port-ioioix
However I’m able to access network via the applications after the following changes. I have done following changes for snap1 and snap2 in their respective yaml files: 1. snap1.yaml name: snap1 _ version: ‘0.8’ summary: This is a snap1 description: | _ Some description.
grade: stable #devel # must be ‘stable’ to release into candidate/stable channels confinement: strict #devmode # use ‘strict’ once you have the right plugs and slots
apps: _ snap1:_ _ command: bin/snap1_ _ plugs:_ _ - network_ _ - network-bind_ _ - home_ _ - removable-media_ _ - shutdown_ _ - snapd-control_ _ - daemon-notify_ _ - system-trace_ _ - timezone-control_ _ daemon: simple_
parts: _ snap1-app:_ _ plugin: cmake_ _ configflags:_ _ - -DAPPVERSION=0.8_ _ # build-packages: [libssl-dev]_ _ # stage-packages: [libssl-dev]_ _ source: ._
2. snap1.yaml name: snap2 version: ‘1.0.7’ _ summary: This is a snap2 description: | _ Some description.
grade: stable #devel # must be ‘stable’ to release into candidate/stable channels confinement: strict #devmode # use ‘strict’ once you have the right plugs and slots
apps: _ snap2:_ _ command: bin/snap2_ _ plugs:_ _ - network_ _ - network-bind_ _ - home_ _ - removable-media_ _ - serial-port_ _ - raw-usb_ _ - io-ports-control_ _ - gpio_
parts: _ snap2-app:_ _ plugin: cmake_ _ configflags:_ _ - -DBUILDFROMSNAP=TRUE_ _ - -DAPPVERSION=1.0.7_ _ source: ._
Please let me know if any other change is to be done.
– Thanks in advance… :)