FORUM CTRLX AUTOMATION
ctrlX World Partner Apps for ctrlX AUTOMATION
12-12-2023 04:23 PM
Hi,
I'm creating a snap for a 3rd party application. This application refuses to run as root. If the application detects it's running with root permissions, it will terminate, thus the application must be executed with unpriviledged user permission within the snap context.
There is a trick how to switch from the default root user to unpriviledged user called snap_daemon inside the snap context: https://snapcraft.io/docs/system-usernames
Now the application accepts to run, but the problem is access to system resource. Snap_daemon does not have permission to bind TCP server socket for listening incoming connections (the port number is outsided of restricted range >1024).
Is there a way allow network bind for unpriviledged user?
Normal application with normal root user would only need 'plugs: network_bind' definition in snapcraft.yaml. For clarity: the problem is not related to permissions of the snap, but permissions of the application inside the snap.
Here are selected relevant parts of my snapcraft.yaml:
system-usernames:
snap_daemon: shared
apps:
myapp:
command: launcher.sh
plugs: [network, network_bind]
Solved! Go to Solution.
12-12-2023 09:24 PM - edited 12-12-2023 09:26 PM
Silly me, it's network-bind, not network_bind.
Usually snapcraft is very strict when parsing the snapcraft.yaml file, but for some reason it didn't detected this typo, which is also hard for human to recognize.
I investigated the interfaces of the snap with 'snap connections' command, and wondered why network-bind is missing. That's how I found the typo.