I need to call journalctl from within my snap.
At the moment it only works do if I run in devmode and run the command using ‘sudo journalctl’. I ultimately want to run my snap in strict confinement.
I am connecting to the log-observe interface but I think I probably need to add something to the stage-packages in my snapcraft.yaml and also some interfaces. I would appreciate any suggestions.
Here are the confinement warnings I get when I run in strict confinement:
assuming you are on UbuntuCore, there is no adm group … on classic Ubuntu logs are owned by this group and by default any new user is added to it, which allows normal users access to the logs … in UbuntuCore, without this group, you need to be root to open the logs …
you will need to split your app into two parts, a daemon that collects the log info for you with the correct permissions and an app that can collect them from/through that daemon …
Thank you.
So for example I could use something like this to gather the logs locally (so use localhost instead of a remote server)
And then run journalctl on the snap directory from my snap because this is a journald output in my $SNAP_DATA directory so the permissions would be ok?