Wayland interface, $XDG_RUNTIME_DIR and connecting clients to server

And from snapd’s wayland interface:

    const waylandConnectedPlugAppArmor = `
    # Allow access to the Wayland compositor server socket
    owner /run/user/[0-9]*/wayland-[0-9]* rw,

I think we need “l” in there.

Although, if instead I use:

    while ! ln -sf $(dirname $XDG_RUNTIME_DIR)/wayland-0 $XDG_RUNTIME_DIR; do sleep 4; done

the link succeeds, but I still get AppArmor denials:

    [ 8505.872224] audit: type=1400 audit(1557904044.870:4946): apparmor="DENIED" operation="connect" profile="snap.mir-kiosk-apps.mir-kiosk-app-daemon" name="/run/user/0/wayland-0" pid=26846 comm="rssnews" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0

[edit]

Weirdly, if I sudo into mir-test-tools.bash I can use the symbolic link. But running as a daemon in mir-kiosk-apps doesn’t work. Not sure what’s going on here.
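For triaging a denial like the one quoted above, this added example (not part of the original post and not snapd code) parses the audit record and checks whether the quoted rule text would cover the logged path, ownership and mask. The function names are hypothetical, and the glob translation assumes only the `**`, `*`, `?` and `[...]` subset of AppArmor path globbing.

```python
import re

# AppArmor rule quoted in the post (from snapd's wayland interface).
RULE = "owner /run/user/[0-9]*/wayland-[0-9]* rw,"
# Denial from the post, written with plain ASCII quotes.
DENIAL = ('audit: type=1400 audit(1557904044.870:4946): apparmor="DENIED" '
          'operation="connect" profile="snap.mir-kiosk-apps.mir-kiosk-app-daemon" '
          'name="/run/user/0/wayland-0" pid=26846 comm="rssnews" '
          'requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0')

def parse_audit(line):
    """Return the key=value fields of an AppArmor audit record as a dict."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def glob_to_regex(glob):
    """Translate the AppArmor path glob subset assumed here: **, *, ?, [...]."""
    out, i = "", 0
    while i < len(glob):
        c = glob[i]
        if glob.startswith("**", i):      # ** crosses directory separators
            out, i = out + ".*", i + 2
        elif c == "*":                    # * stays within one path component
            out, i = out + "[^/]*", i + 1
        elif c == "?":
            out, i = out + "[^/]", i + 1
        elif c == "[":                    # character class copied through as-is
            end = glob.index("]", i)
            out, i = out + glob[i:end + 1], end + 1
        else:
            out, i = out + re.escape(c), i + 1
    return re.compile(out + r"\Z")

def parse_rule(rule):
    """Split a file rule into (owner_only, path_glob, permission set)."""
    parts = rule.rstrip(",").split()
    return parts[0] == "owner", parts[-2], set(parts[-1])

def rule_covers(rule, rec, mask=None):
    """True if the rule text matches rec's path and owner and grants the mask."""
    owner, glob, perms = parse_rule(rule)
    if not glob_to_regex(glob).match(rec["name"]):
        return False
    if owner and rec["fsuid"] != rec["ouid"]:  # 'owner' needs fsuid == ouid
        return False
    return set(mask or rec["requested_mask"]) <= perms

if __name__ == "__main__":
    print(rule_covers(RULE, parse_audit(DENIAL)))
```

When the result is true for the logged request, the rule text itself does not account for the denial, so the next check is whether that rule is actually present in the loaded profile named in the record's `profile` field.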