is possible to execute commands on host from snap package?

Daniel

3/21/24, 7:50 AM

I am building snap from command line program to guess linux commands from natural language. For example cal for show calendar. When command is proposed I need to confirm them by Enter. So after Enter I expect to execute cal on my host system.

I works when program is executed natively on host machine thanks to the following code:

let mut child = Command::new(command_name)
  .args(command_args)
  .stdin(Stdio::inherit())
  .stdout(Stdio::inherit())
  .stderr(Stdio::inherit())
  .spawn()
  .expect("Failed to execute command");

but when i packaged this app into snap i seen error:

➜ gpt-cli show calendar
> Execute.:

cal

 Yes
thread 'main' panicked at 'Failed to execute command: Os { code: 2, kind: NotFound, message: "No such file or directory" }', src/main.rs:126:26
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

I afraid that cal is not available on snap container and my program does not have access to host context.

So question is: can i give access to snap app to execute programs on host?

I was checking interfaces but not found nothing connected with access to host programs.

snapcraft.yaml

Update

I found solution:

Firstly I needed process-control

apps:
  gpt-cli:
    command: gpt-cli
    plugs:
      - process-control
      - network
      - network-bind

and

confinement: classic

130

1 + 2

command-line

process

snap

guiverc

3/21/24, 8:02 AM

Classic confinement (https://snapcraft.io/docs/classic-confinement) allows for it, but its not easy to get *classic* defined apps into the store given they have full system access.

Daniel

3/21/24, 8:22 AM

I found 'process-control' and `confinement: classic`. I will try this way and potentially ask canonical team about alternatives. You can post it as answer because it solved problem.

Score:2

Ubuntu

guiverc

3/21/24, 8:29 AM

Classic confinement (https://snapcraft.io/docs/classic-confinement) allows for it, but it's not easy to get classic defined apps into the store given they have full system access.

Classic confinement is a permissive Snap confinement level, equivalent to the full system access that traditionally packaged applications have.

It’s often used as a stop-gap measure to enable developers to publish applications that need more access than the current set of interfaces and permissions allow.

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: is possible to execute commands on host from snap package?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.