I made a strict snap with ros2 simple daemon services for Ubuntu Core system.
It runs without any issue in devmode, but when in try running it on strict mode. it outputs “getifaddrs: Operation not permitted”
and when i check the log it displays “2021-09-24 14:03:04.543 [RTPS_TRANSPORT_SHM Error] Failed to create segment e8a3e74e78b78e78: Permission denied -> Function compute_per_allocation_extra_size”
I tried with snappy debug and it said to add home to plugs which I did , but nothing changed
that sounds more like something like network-control or network-observe would help here, are you sure snappy-debug referred to exactly that error (it usually prints the actual denial alongside)
also, are you running your snap on Ubuntu Core ? there the home plug does not get auto-connected, you need to connect it manually
are you running the command with sudo ? (that does not update $HOME to /root like it should and where the snap would have access through the connected home plug) …
Yeah i removed sudo and the home plug recommendation in the snppy-debug does not appear.
But i tried using network-control and observe plugs but nothing has changed.
I still get “getifaddrs: Operation not permitted”
The new snappy debug output when i run a ros2 client node:
the socket() syscall needs network-bind, try adding that to your plugs … you should also keep using sudo (but put your files into the right directories root can read) since i doubt a normal user even has permissions to even run getifaddrs()
regarding the /dev/shm access, just follow the suggestion of using the snapcraft_preload plugin … (or make your app not try to use /dev/shm directly … i think there is work going on to eventually have a shared-memory interface plug eventually, but that’s still in the planning phase and will take a while) …
Hi @ogra ,
I tried adding snapcraft_preload. It works now. But it always gives an error of
“2021-09-24 14:12:02.347 [RTPS_TRANSPORT_SHM Error] Failed to create segment 212c65e604b6d84c: Permission denied -> Function compute_per_allocation_extra_size
2021-09-24 14:12:02.347 [RTPS_MSG_OUT Error] Permission denied -> Function init”
Can I know why do we need to add snapcraft preload?
Also when trying to run some apps in my snap. it displays
“ERROR: ld.so: object ‘/snap/turftank-software/x11/lib/libsnapcraft-preload.so’ from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored.”
this rather looks like your inclusion of snapcraft preload did not properly work yet …
snaps do not have direct access to /dev/shm under confinement, snapcraft preload should re-write this to an allowed location (/dev/shm/snap.$SNAP_NAME/):
I am using network manager in my snap. When i try to run it though a shell script it displays
“ERROR: ld.so: object ‘/snap//x11/lib/libsnapcraft-preload.so’ from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored.”
But i tried to create an app which run network-manager, but that doesnt give out any errors.
I did not wrap either of them in snapcraft-preloaded.
in snappy-debug i get
“adjust program to create files and directories in /dev/shm/snap.$SNAP_NAME.*”
How do i add my snap files outside the snap folder in /dev/shm?
you can not, for security reasons access to /dev/shm is blocked … for apps inside the same snap you can use /dev/shm/snap.$SNAP_NAME.* …
and to have your code dynamically re-use that path without having to patch all the functions that are trying to write to /dev/shm you can use the preload library that does dynamically re-write it …
to manager network-manager you should use the network-manager interface and talk to NM via dbus (which this interface fully grants) …
The /dev/shm access issue is related to FAST-RTPS(DDS) newly introduced shared-memory functionality. This is a known issue (referenced e.g. here) and we’re working on it together with eProsima. If you still have issues with snapcraft-preload, you could also try to build fastrtps/dds from source in your snap while disabling the shared-memory option; with the CMake flag
SHM_TRANSPORT_DEFAULT if I’m not mistaken.