Snap application doesn't see files from another partition

Question

I have installed KeePassXC snap package on Ubuntu 17.10. I have multiple linux systems installed on the same drive, so I have made most of my home folders like ~/Documents created as links to a separate ext4 partition (users have same uid so permissions are correct). I tried to open my passwords' database which I have inside Documents, but keepassxc cannot see any files inside Documents. If I put the file in my home folder then it sees it.

Are snap packages able to find files outside from my home folder? Any way to make KeePassXC (and the rest snap packages) access the files at my separate ext4 partition (maybe some configuration somewhere)?

I think hard links are forbidden from crossing partitions! – George Udosen Oct 12 '17 at 20:18 — George Udosen, Oct 12 '17 at 20:18
George, I suspect they're symlinks. – kyrofa Oct 12 '17 at 20:48 — kyrofa, Oct 12 '17 at 20:48

kyrofa · Accepted Answer · 2020-04-20T18:20:47.833

27

Snaps are typically confined. By default snaps can access nothing but their own writable areas, but they can gain permissions by way of interfaces. There are two interfaces that provide the ability to access files beyond the default: the home interface, and the removable-media interface. I assume KeePassXC uses the home interface, which is how you can access ~/Documents. Perhaps it even uses the removable-media interface, but that only covers stuff mounted into /media or /mnt. If your other partitions are mounted elsewhere, the snap will not have permission to follow the symlinks.

The ways to make this work, ordered by difficulty:

Mount the partitions into your home directory rather than symlinking them.
Mount the partitions into /media and ensure KeePassXC uses the removable-media interface. This may be an upstream change, but a small one.
Change KeePassXC into a classic snap, thereby making it no longer strictly confined. This is a larger change and upstream may not be interested in it.

Update: The KeyPassXC snapcraft.yaml is here. Looks like it already has the removable-media interface. All you need to do to follow (2) is to connect it (it's not automatically connected):

$ sudo snap connect keepassxc:removable-media

edited Apr 20 '20 at 18:20

answered Oct 12 '17 at 20:54

kyrofa

7,346
1
32
26

Thx a lot!! Really good explanation and the command sudo snap connect keepassxc:removable-media did the trick!! – Thanos Apostolou Oct 12 '17 at 23:09
2

error: snap "keepassxc" has no plug named "removable-media" – Erdnase May 26 '18 at 06:08
2

@Erdnase is keepassxc installed? – Tahlor Mar 21 '19 at 22:48
1

Amazing ! But none of my partitions are mounted under media, media is meant for removable storage... How could such an awkward system be devised – yota Apr 19 '20 at 21:15
1

well this is certainly inconvenient to say the least.. I have literally thousands of cached thumbnails and other references that are going to break if I change the mount point. And the removable-media plug apparently isn't implemented, and I have no ability to "push it upstream" – Michael Jun 03 '20 at 22:43

score 8 · Answer 2 · answered Jun 10 '20 at 16:37

I ran into a similar issue with the makemkv snap application on Ubuntu 20.04

I was able to solve the issue with a bind mount:

sudo mount --bind /data/wip /home/user/Videos/wip

This allowed me to mount my data drive into the /home/ tree so the snap application can access it like Kyle mentioned above.

score 1 · Answer 3 · answered Apr 19 '20 at 07:44

1

Just to add to Kyle's answer, some packages from the Ubuntu Software Store need this command too.

In my case kdenlive could not read my other hard-drive. The following command worked:

sudo snap connect kdenlive:removable-media

answered Apr 19 '20 at 07:44

Ben Winding

733

error: snap "freemind" has no plug named "removable-media" – Michael Jun 03 '20 at 22:30
It might not work for every snap package I suppose – Ben Winding Jun 04 '20 at 01:08

Pierre Thibaudeau · Answer 4 · 2019-04-29T17:34:37.600

0

Here is a quick fix to make a snap application behave as a classic install, i.e. no confinement whatsoever.

Simply created a symlink to the binary into /usr/local/bin, like so:

/usr/local/bin/pdftk -> /snap/pdftk/current/usr/bin/pdftk

(Surprisingly, this specific application is being setup with "confinement: strict", which is very annoying because, at it is, it will not work on files from other file systems.)

edited Apr 29 '19 at 17:34

answered Apr 29 '19 at 15:05

Pierre Thibaudeau

9

This is a bad idea-- running a binary out of a snap without using an app that it defines will often fail because it doesn't get all the environment variables it expects. Even if it runs, it'll be unconfined and will end up writing data where it's not supposed to. – kyrofa Nov 19 '19 at 19:19
This might not always work? /var/lib/snapd/snap/pdftk/9/usr/bin/pdftk -bash: /var/lib/snapd/snap/pdftk/9/usr/bin/pdftk: /snap/pdftk/current/lib/x86_64-linux-gnu/ld-2.23.so: bad ELF interpreter: No such file or directory – rogerdpack Jan 18 '22 at 17:02

Snap application doesn't see files from another partition

4 Answers4

Linked

Related