locally installed snaps cannot be connected when base declaration constraints disallow it
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical System Image |
Fix Released
|
High
|
Pat McGowan | ||
Snappy |
Fix Released
|
High
|
Unassigned |
Bug Description
When installing a local snap, it is not possible to connect interfaces that do not belong to the core (ie, 'type: app' slot implementations) due to the intended and designed security restrictions of the base declaration. For instance:
$ sudo snap install --dangerous ~/modem-
$ sudo snap install --dangerous ~/network-
$ sudo snap connect network-
error: cannot perform the following tasks:
- Connect network-
$ sudo snap connect modem-manager:mmcli modem-manager:
error: cannot perform the following tasks:
- Connect modem-manager:mmcli to modem-manager:
The only way to be able to do so is to change basedeclaration.go in snapd sources and remove "deny-connection" for the needed interfaces. This is a pain point as a hacked snapd is needed when developing or updating slot implementation snaps. It should be possible to perform local testing of the snap before submitting to the store, even if we are doing so for the edge channel.
description: | updated |
Changed in snappy: | |
status: | New → Confirmed |
description: | updated |
summary: |
- It is not possible to inter-connect locally installed snaps + locally installed slot implementations cannot be connected due to base + declaration constraints causing a developer pain point |
Changed in canonical-devices-system-image: | |
assignee: | nobody → Pat McGowan (pat-mcgowan) |
importance: | Undecided → High |
milestone: | none → p1 |
status: | New → Confirmed |
tags: | added: personal |
Changed in canonical-devices-system-image: | |
status: | Confirmed → In Progress |
Changed in snappy: | |
status: | In Progress → Fix Released |
@Gustavo - this is what I mentioned on the list as a developer pain point. The base declaration is operating as designed and currently requires a snap declaration from the store.
I'm not sure if you have designed this part of snap declarations yet, but one option to address this would be to support developer-signed snap declarations.