snap, hooks: make host-hunspell a system-files interface #53
Conversation
The host-hunspell plug was a mount-control interface, which means that the snap could request snapd to set up a mount from/to a specific location. The problem is that the mount is visible in the host mount namespace, i.e. the mounts created a system wide. The mount-control interface was really intended to be used in Ubuntu Core oriented scenarios, when for instance a gadget mounts some external storage at a system wide location. The particular care of the Firefox snap only really needs access to the hunspell dictionaries on the host. In this case a system-files interface allowing access to /usr/share/hunspell inside the host filesystem (exposed to the snap mount ns at /var/lib/snapd/hostfs) will be sufficient. This will fix issues like LP#2059195 Signed-off-by: Maciej Borzecki <maciej.borzecki@canonical.com>
| where: $SNAP_COMMON/host-hunspell | ||
| persistent: true | ||
| options: [ro, bind, noatime, noexec] | ||
| interface: system-files |
There was a problem hiding this comment.
This will require an update to the firefox snap declaration in the store.
There was a problem hiding this comment.
Yes. Do you know if the store can handle the case where the plug name is unchanged? Maybe it'd be better if I changed the name to say host-usr-share-hunspell?
There was a problem hiding this comment.
I've renamed the plug to host-usr-share-hunspell to avoid potential name conflicts in snap declaration.
There was a problem hiding this comment.
Thanks, yep I think this is better.
There was a problem hiding this comment.
Submitted store request for review/approval:
Request for auto-connection of firefox:host-usr-share-hunspell plug of system-files interface
Rename the plug to host-usr-share-hunspell to avoid potential issue with conflicting names in the snap declaration. Signed-off-by: Maciej Borzecki <maciej.borzecki@canonical.com>
|
Not a review but a side comment but we should start by targeting nightly and beta which are higher risk channels where we usually land changes to get testing before cherry-picking to stable |
|
Thanks for the PR. From a quick look and test, it looks good. I've pushed the change to the |
|
installs and runs on raspberry pi4b+ubuntu core22 (arm64), closing 52! |
We need this to be able to unmount the existing mount point for the last time, otherwise removal of the Firefox snap fails halfway through with this error: error: cannot perform the following tasks: - Remove data for snap "firefox" (4111) (unlinkat /var/snap/firefox/common/host-hunspell/en_US.dic: read-only file system)
|
Hi @bboozzoo, (all,) As mentioned above, I'd cherry-picked your changes into
Thanks again for the patch, and thanks in advance for reviewing my proposed changes. EDIT: also cc @lissyx |
The host-hunspell plug was a mount-control interface, which means that the snap could request snapd to set up a mount from/to a specific location. The problem is that the mount is visible in the host mount namespace, i.e. the mounts created a system wide. The mount-control interface was really intended to be used in Ubuntu Core oriented scenarios, when for instance a gadget mounts some external storage at a system wide location.
The particular care of the Firefox snap only really needs access to the hunspell dictionaries on the host. In this case a system-files interface allowing access to /usr/share/hunspell inside the host filesystem (exposed to the snap mount ns at /var/lib/snapd/hostfs) will be sufficient.
This will fix issues like LP#2059195