Snaps on Gentoo - The saga continues

A while ago I posted about [Snaps on Gentoo](snaps-on-gentoo.html), about
why and how to get it working. Sometime after that post, snaps stopped
working and I didn't have the time to investigate.

Until last week that is.

---

## Update 07/09/2019

My snapd ebuild is now in an overlay on its own for your convenience.
See [here](snapd-repository-for-gentoo.html)

## TL;DR

If you just want to install my snapd ebuild, run this bit:

```bash
echo app-portage/layman git >> /etc/portage/package.use/layman
emerge app-portage/layman
layman -o http://jesseharrisit.com/overlay.xml -f -a zigford
emerge app-emulation/snapd
```

Read on for more details

---

Last week I decided to have a crack at getting Gentoo running on my
work-owned "[Precision 5510][1]". It's a couple of years old now, but is quite
serviceable. I will want to use it booted into Gentoo for work now and again
and this will involve Chromium (Firefox doesn't like launching Citrix
sessions through the ICA client).

Chromium takes forever to build and that is just not fun, especially with
the frequency that releases occur. So I set about getting snaps to work.

I installed JamesB192's personal overlay and found that snaps didn't work
on this clean build.

JamesB192's ebuild seems to be written quite well, and it was easy to bump
the version to the latest. What I found was that at some point snapd must
have switched to require apparmor. I reviewed my previous kernel configs
from when snapd was working and apparmor was not in my configuration.

### Adding Apparmor support

AppArmor is a process confinement feature that restricts a process to specific
abilities. You can enable it with the following kernel configuration:

```
CONFIG_SECURITY_APPARMOR=y
```

And the following boot command line:

```
apparmor=1 security=apparmor
```

Now, to add AppArmor support to the ebuild, we need to install an AppArmor
profile. The `./configure` command in the source generates one if the
`--enable-apparmor` parameter is specified. I've added that to the ebuild.
Then the Makefile translates paths in the profile depending on configure
options. So I added the following to the ebuild:

```bash
# Generate apparmor profile
sed -e 's,[@]LIBEXECDIR[@],/usr/lib64/snapd,g' \
    -e 's,[@]SNAP_MOUNT_DIR[@],/snapdsnap,' \
    "${C}/snap-confine/snap-confine.apparmor.in" \
    > "${C}/snap-confine/usr.lib.snapd.snap-confine.real"
```

Then during the install phase:

```bash
insinto "/etc/apparmor.d"
doins "${C}/snap-confine/usr.lib.snapd.snap-confine.real"
```

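The checks below are an added example, not part of the original post or the ebuild: they confirm that the kernel option and boot parameters named above are present, and that the `sed` step left no `@NAME@` placeholder in the generated profile. The function names are hypothetical, and the three file paths are passed as arguments.

```sh
#!/bin/sh
# Added example (hypothetical helper names). Each function takes the file to
# inspect as its argument, so it works on /proc/cmdline, a kernel .config,
# or a copy of either.

# Succeeds if the kernel config enables AppArmor.
config_has_apparmor() {
    grep -q '^CONFIG_SECURITY_APPARMOR=y$' "$1"
}

# Succeeds if the kernel command line carries both boot parameters.
cmdline_has_apparmor() {
    tr ' ' '\n' < "$1" | grep -qx 'apparmor=1' &&
    tr ' ' '\n' < "$1" | grep -qx 'security=apparmor'
}

# Prints every @NAME@ placeholder still present in the generated profile and
# fails if there is one. AppArmor's own variables are written @{NAME}, so
# they are not matched by this pattern.
profile_unsubstituted() {
    left=$(grep -o '@[A-Z_][A-Z_]*@' "$1" | sort -u)
    if [ -z "$left" ]; then
        return 0
    fi
    printf '%s\n' "$left"
    return 1
}

# Usage: sh check.sh <cmdline file> <kernel config> <generated profile>
if [ "$#" -eq 3 ]; then
    cmdline_has_apparmor "$1" || echo "boot parameters missing in $1"
    config_has_apparmor "$2" || echo "CONFIG_SECURITY_APPARMOR not set in $2"
    profile_unsubstituted "$3" || echo "placeholders left in $3"
fi
```

A profile that still contains a placeholder refers to paths that do not exist on the system, so the rules written for those paths will not apply to the real snap-confine binary or mount directory.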
Tags: snapd, gentoo

[1]: https://github.com/zigford/kernel-configs/blob/master/Precision%205510/Precision%205510