Hello Everyone,

I'm reaching out to seek assistance with an issue I'm facing regarding socket binding in a snap application, along with an AppArmor denial error.

Problem Description:
I've developed a C++ program that acts as a Unix socket server, serving as a middleware between the licensing manager API and another application. The program creates a directory and listens for incoming connections via a Unix domain socket. When I run the C++ executable locally on my Ubuntu 20.04 development machine, the socket is bound successfully, and the server listens for incoming connections without any issues.

However, after building a snap of the program and installing it on my CtrlX Core Virtual device (version 1.20.12), I encounter the following errors (Diagnostics ->Logbook):

• Error on binding socket
• AVC apparmor="DENIED" operation="bind" profile="snap.licensing.licensing" pid=10550 comm="check-license" family="unix" sock_type="stream" protocol=0 requested_mask="bind" denied_mask="bind" addr=none

Additional Information:

Build Environment: Ubuntu 20.04
Snap Base: core20
CtrlX Core Virtual Version: 1.20.12
CtrlX Works Version: 1.20.5

Here is my snapcraft.yaml file:

name: licensing
version: "0.0.1"
grade: stable
base: core20
confinement: strict

apps:
  licensing:
    command: check-license
    plugs:
      - network
      - network-bind
      - content
      - system-files
    daemon: simple
    passthrough:
      restart-condition: on-failure
      restart-delay: 10s

parts:
  licensing:
    plugin: dump
    source: ./generated/build
    stage-packages:
    - libasn1-8-heimdal
    - libbrotli1
    - libcurl4
    - libgssapi3-heimdal
    - libhcrypto4-heimdal
    - libheimbase1-heimdal
    - libheimntlm0-heimdal
    - libhx509-5-heimdal
    - libkrb5-26-heimdal
    - libldap-2.4-2
    - libnghttp2-14
    - libpsl5
    - libroken18-heimdal
    - librtmp1
    - libsasl2-2
    - libssh-4
    - libwind0-heimdal  

And also my main.cpp:

#include <iostream>
#include <fstream>
#include <filesystem>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>
#include "helper/helper.h"
#include "third_party/nlohmann/json.hpp"
#include "licensing-service/licenseClient.h"
#include "constants.h"

// Use the nlohmann namespace for JSON parsing 
using json = nlohmann::json;

// Use the std namespace for standard C++ functions
using namespace std;

int main()
{
    Helper installer; // Create an instance of the class that contains helper functions for the installer
    LicenseClient licenseClient; // Create an instance of the class that contains functions to access the License Manager API

    const string snapCommonPath = installer.getEnvVar("SNAP_COMMON");

    string licensingSocketPath = snapCommonPath + "/sockets";

    const char* socket_path = (licensingSocketPath + "/licensing.sock").c_str();

    const int nIncomingConnections = 5;
    const int backlog = 5; // Maximum number of pending connections in the queue

    bool doDirectoriesExcist = filesystem::exists(licensingSocketPath);

    if (!doDirectoriesExcist)
    {
        // Create the directories
        filesystem::create_directories(licensingSocketPath);
        cout << "Directories created successfully" << endl;
    }

    // Create socket
    //create server side
	int s = 0;
	int s2 = 0;
	struct sockaddr_un local, remote;
	int len = 0;

	s = socket(AF_UNIX, SOCK_STREAM, 0);
	if( -1 == s )
	{
		printf("Error on socket() call \n");
		return 1;
	}

	local.sun_family = AF_UNIX;
	strcpy( local.sun_path, socket_path );
	unlink(local.sun_path);
	len = strlen(local.sun_path) + sizeof(local.sun_family);
	if( bind(s, (struct sockaddr*)&local, len) != 0)
	{
		printf("Error on binding socket \n");
		return 1;
	}

	if( listen(s, nIncomingConnections) != 0 )
	{
		printf("Error on listen call \n");
	}

	bool bWaiting = true;
	while (bWaiting)
	{
		unsigned int sock_len = 0;
		printf("Waiting for connection.... \n");
		if( (s2 = accept(s, (struct sockaddr*)&remote, &sock_len)) == -1 )
		{
			printf("Error on accept() call \n");
			return 1;
		}

		printf("Server connected \n");

		int data_recv = 0;
		char recv_buf[100];
		char send_buf[200];
		do{
			memset(recv_buf, 0, 100*sizeof(char));
			memset(send_buf, 0, 200*sizeof(char));
			data_recv = recv(s2, recv_buf, 100, 0);
			if(data_recv > 0)
			{
				printf("Data received: %d : %s \n", data_recv, recv_buf);
				strcpy(send_buf, "Got message: ");
				strcat(send_buf, recv_buf);

				if(strstr(recv_buf, "quit")!=0)
				{
					printf("Exit command received -> quitting \n");
					bWaiting = false;
					break;
				}

				if( send(s2, send_buf, strlen(send_buf)*sizeof(char), 0) == -1 )
				{
					printf("Error on send() call \n");
				}
			}
			else
			{
				printf("Error on recv() call \n");
			}
		}while(data_recv > 0);

		close(s2);
	}

    return 0;
}

Your assistance and insights on this matter would be greatly appreciated. Please let me know if you require any further information or if there are any specific details I should provide.

Thank you in advance!