Hello,
I am trying to mount a tmpfs from within my snap. Ideally, this would occur during the install hook. For development purposes, the snap just provides a simple script that calls mount. I would like to mount the directory with read/write permissions at $SNAP_COMMON/.
So far, I have been unsuccessful. I am curious if anyone has any ideas as to why. The failure seems to be due to an apparmor policy. The mount command is correct as I can run it as sudo outside of my snap without any issues. The error at the terminal is:
```
mount: /var/snap/snapa/common/mymount: tmpfs is write-protected but explicit read-write mode requested.
```
In the systemd journal, I find that the following audit logs exist:
```
May 15 07:10:47 jtompkins-virtual-machine audit[669957]: AVC apparmor="DENIED" operation="capable" class="cap" profile="snap.snapa.domount" pid=669957 comm="do_mount" capability=2 capname="dac_read_search"
May 15 07:10:47 jtompkins-virtual-machine audit[669995]: AVC apparmor="DENIED" operation="mount" class="mount" info="failed mntpnt match" error=-13 profile="snap.snapa.domount" name="/var/snap/snapa/common/mymount/" pid=669995 comm="mount" fstype="tmpfs" srcname="tmpfs"
```
My snapcraft.yaml is as follows (minus some of the package description information):
```yaml
...
plugs:
  mntctl:
    interface: mount-control
    auto-connection: true
    mount:
      - what: none
        where: $SNAP_COMMON/mymount
        options: [rw]
        type: [tmpfs]
apps:
  domount:
    command: bin/do_mount
    plugs: [ home, mntctl ]
hooks:
  configure:
    plugs: [mntctl]
  install:
    plugs: [mntctl]
parts:
  do-mount-part:
    plugin: dump
    source: .
    organize:
      do_mount: bin/do_mount
...
```
My do_mount script is very simple:
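```bash
#!/bin/bash
# The mount point is read from the snap configuration (key mount.point).
MOUNT_POINT="$(snapctl get mount.point)"
EXISTENCE_STRING="DOES NOT EXIST"
# snapctl is-connected prints nothing; it reports the result through its exit status.
if snapctl is-connected mntctl ; then
    EXISTENCE_STRING="EXISTS"
fi
echo "Connection to mount-control $EXISTENCE_STRING"
# Create the mount point on first run.
if [ ! -d "$MOUNT_POINT" ] ; then
    echo "Creating $MOUNT_POINT"
    mkdir -p "$MOUNT_POINT"
    chmod 775 "$MOUNT_POINT"
fi
mount -t tmpfs -v -o size=10M,mode=0775 -w tmpfs "$MOUNT_POINT"
```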
Finally, I have a simple default-configuration hook that looks like the following:
```bash
#!/bin/bash
snapctl set mount.point="$SNAP_COMMON/mymount"
```
This error is occurring after manually connecting my snapa:mntctl plug to the :mount-control slot. Running snap connections snapa shows that they are indeed connected.
Thank you in advance.
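For triaging denials like the two audit records quoted in the post, the following is an added example, not part of the original post: it parses AppArmor AVC records into fields, keeps the DENIED ones for snap profiles, and decodes the kernel's negative errno. The names `parse_avc` and `summarize` are hypothetical, and the sample lines are the two records copied from the post.

```python
import errno
import shlex

# Sample input: the two audit records quoted in the post, embedded to run offline.
JOURNAL = [
    'May 15 07:10:47 jtompkins-virtual-machine audit[669957]: AVC apparmor="DENIED" '
    'operation="capable" class="cap" profile="snap.snapa.domount" pid=669957 '
    'comm="do_mount" capability=2 capname="dac_read_search"',
    'May 15 07:10:47 jtompkins-virtual-machine audit[669995]: AVC apparmor="DENIED" '
    'operation="mount" class="mount" info="failed mntpnt match" error=-13 '
    'profile="snap.snapa.domount" name="/var/snap/snapa/common/mymount/" pid=669995 '
    'comm="mount" fstype="tmpfs" srcname="tmpfs"',
]

def parse_avc(line):
    """Return the key=value fields of an AppArmor AVC record, or None."""
    _, marker, payload = line.partition(" AVC ")
    if not marker:
        return None
    fields = {}
    for token in shlex.split(payload):  # quoted values containing spaces stay whole
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields if "apparmor" in fields else None

def summarize(lines, profile_prefix="snap."):
    """List (profile, comm, description) for each DENIED record of matching profiles."""
    out = []
    for rec in filter(None, map(parse_avc, lines)):
        profile = rec.get("profile", "")
        if rec["apparmor"] != "DENIED" or not profile.startswith(profile_prefix):
            continue
        op = rec.get("operation", "")
        if op == "capable":
            what = "capability " + rec.get("capname", "?")
        elif op == "mount":
            what = "mount {} ({}) on {}".format(
                rec.get("srcname"), rec.get("fstype"), rec.get("name"))
        else:
            what = (op + " " + rec.get("name", "")).strip()
        if "error" in rec:  # the kernel logs a negative errno, e.g. -13
            code = abs(int(rec["error"]))
            what += " [{}]".format(errno.errorcode.get(code, rec["error"]))
        if "info" in rec:
            what += ": " + rec["info"]
        out.append((profile, rec.get("comm"), what))
    return out

if __name__ == "__main__":
    for profile, comm, what in summarize(JOURNAL):
        print(f"{profile} {comm}: denied {what}")
```

The second record's `srcname`, `fstype` and `name` fields are the values to compare against the `what`, `type` and `where` attributes declared on the `mntctl` plug.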