"Permission denied" when attempting to read `/proc/net/ipv6_route`
This bug report will be marked for expiration in 37 days if no further activity occurs. (find out why)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
snapd |
Incomplete
|
Undecided
|
Unassigned |
Bug Description
In the MicroCloud project (https:/
Here is our `snapcraft.yaml` for MicroCloud:
```yaml
name: microcloud
base: core22
assumes:
- snapd2.59
version: git
grade: devel
source-code: https:/
summary: Fully automated private clouds
description: |-
Fully automated private clouds.
confinement: strict
apps:
# Service
daemon:
command: commands/
daemon: simple
plugs:
- lxd
- microceph
- microovn
- network
- network-bind
# Commands
microcloud:
command: commands/microcloud
plugs:
- network
parts:
dqlite:
build-
after:
- raft
source: https:/
source-type: git
source-depth: 1
plugin: autotools
autotools-
- --prefix=
stage-packages:
- libsqlite3-0
- libuv1
build-packages:
- libsqlite3-dev
- libuv1-dev
- pkg-config
organize:
usr/lib/: lib/
prime:
- lib/libdqlite*so*
- lib/*/libuv*
raft:
build-
source: https:/
source-type: git
source-depth: 1
plugin: autotools
autotools-
- --prefix=
stage-packages:
- libuv1
- liblz4-1
build-packages:
- libuv1-dev
- liblz4-dev
- pkg-config
organize:
usr/lib/: lib/
prime:
- lib/libraft*so*
- lib/*/libuv.so*
microcloud:
build-
source: https:/
source-type: git
source-depth: 1
after:
- dqlite
build-snaps:
- go
plugin: nil
override-pull: |
craftctl default
set -ex
# Download the dependencies
cd microcloud
go get -d -v -tags=agent ./...
override-build: |
set -ex
# Setup build environment
export CGO_CFLAGS=
export CGO_LDFLAGS=
export CGO_LDFLAGS_
# Build the binaries
cd microcloud
go build -trimpath -o "${SNAPCRAFT_
go build -trimpath -o "${SNAPCRAFT_
# Strip binaries
strip -s "${SNAPCRAFT_
strip -s "${SNAPCRAFT_
prime:
- bin/microcloud
- bin/microcloudd
wrappers:
plugin: dump
source: snapcraft/
```
Access to /proc/net/ ipv6_route (really /proc/self/ net/ipv6_ route) is allowed through network-observe. Actually the interface allows `@{PROC} /@{pid} /net/** r,` so you'll be able to access all files under /proc/self/net. Can you add the plug and see if that works for you?