Shadowsocks-libev: Can't run shadowsocks from config file (Invalid config path)

Created on 18 Jul 2019  ·  10Comments  ·  Source: shadowsocks/shadowsocks-libev

Please answer these questions before submitting your issue. Thanks!

(Please mention that if the issue you filed is solved, you may wish to close it by yourself. Thanks again.)

(PS, you can remove 3 lines above, including this one, before post your issue.)

What version of shadowsocks-libev are you using?

snap 3.3.0

What operating system are you using?

Linux Mint 19.2

What did you do?

shadowsocks-libev.ss-local -c ~/Documents/sslocal.json
shadowsocks-libev.ss-local -c /home/USER/Documents/sslocal.json

What did you expect to see?

listening at 127.0.0.1:1080

What did you see instead?

Invalid config path.

What is your config in detail (with all sensitive info masked)?

{ "server":"IP", "server_port":PORT, "local_port":1080, "password":"PWD", "timeout":60, "method":"aes-256-gcm" }

picture Silentz0r

Most helpful comment

Oh, I see. snapd use apparmor for confinement. The file is considered out of the confinement. Snap has a different way of handling apparmor.

For your case, you can move the file to your snap folder: ~/snap/shadowsocks-libev, then you shall be able to run it.

picture rayhu on 18 Jul 2019
👍18

All 10 comments

If i run shadowsocks from command line with -s -p -k etc it runs fine, i just can't run it with a config. I ran out of ideas here.

Any help/advice? Thank you

Silentz0r picture Silentz0r on 18 Jul 2019

Checked the code, it looks like the config file is not able to be open and read. Please double check the config file's path, name and permission.

A troubleshooting tip: since this error message is produced in the first step of config file processing. You may try another file that exist and set permission to 777 to see if the error is different. If it is able to open the file, but failed to parse it, you will see a different error message.

rayhu picture rayhu on 18 Jul 2019

Checked the code, it looks like the config file is not able to be open and read. Please double check the config file's path, name and permission.

A troubleshooting tip: since this error message is produced in the first step of config file processing. You may try another file that exist and set permission to 777 to see if the error is different. If it is able to open the file, but failed to parse it, you will see a different error message.

Same error. got this from journal

Jul 18 13:37:36 PC audit[8669]: AVC apparmor="DENIED" operation="open" profile="snap.shadowsocks-libev.ss-local" name="/home/USER/Documents/sslocal.json" pid=8669 comm="ss-local" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

Jul 18 13:37:36 PC kernel: audit: type=1400 audit(1563471456.491:115): apparmor="DENIED" operation="open" profile="snap.shadowsocks-libev.ss-local" name="/home/USER/Documents/sslocal.json" pid=8669 comm="ss-local" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Silentz0r picture Silentz0r on 18 Jul 2019

AppArmor thinks the config file has nothing to do with shadowsocks, you can config AppArmor to allow it:

  1. find your profile of snap.shadowsocks-libev.ss-local in /etc/apparmor.d/
  2. modify the config file so that it allows read of this file.
    Find the block like this
    snap.shadowsocks-libev.ss-local {

ADD one line:
/home/USER/Documents/sslocal.json r,

Depends on the apparmor rule, take ownership of the config file might help as well. You can try this first
chown USER:USER config.json.

rayhu picture rayhu on 18 Jul 2019

AppArmor thinks the config file has nothing to do with shadowsocks, you can config AppArmor to allow it:

  1. find your profile of snap.shadowsocks-libev.ss-local in /etc/apparmor.d/
  2. modify the config file so that it allows read of this file.
    Find the block like this
    snap.shadowsocks-libev.ss-local {

ADD one line:
/home/USER/Documents/sslocal.json r,

Depends on the apparmor rule, take ownership of the config file might help as well. You can try this first
chown USER:USER config.json.

  1. I don't have anything shadowsocks or snaps related in that folder. Only this:
    usr.lib.snapd.snap-confine.real and it's empty.

  2. what config would that be?

About chown:

  File: sslocal.json
  Size: 114         Blocks: 8          IO Block: 4096   regular file
Device: 805h/2053d  Inode: 2366222     Links: 1
Access: (0777/-rwxrwxrwx)  Uid: ( 1000/USER)   Gid: ( 1000/USER)
Access: 2019-07-18 13:13:20.250486712
Modify: 2019-07-18 12:54:25.574554329 
Change: 2019-07-18 14:03:31.976180306
 Birth: -
Silentz0r picture Silentz0r on 18 Jul 2019

Closed. Is it resolved?

rayhu picture rayhu on 18 Jul 2019

It's not. Closed by mistake.

Silentz0r picture Silentz0r on 18 Jul 2019

Oh, I see. snapd use apparmor for confinement. The file is considered out of the confinement. Snap has a different way of handling apparmor.

For your case, you can move the file to your snap folder: ~/snap/shadowsocks-libev, then you shall be able to run it.

rayhu picture rayhu on 18 Jul 2019
👍18

Resolved, thank you for your help.

Silentz0r picture Silentz0r on 18 Jul 2019

Glad to know it worked.

There is a way to grant snap app access to user's HOME folder. I would suggest put it in a document for snap deployment.

https://forum.snapcraft.io/t/allow-daemon-to-access-users-home-directory/2065/4

rayhu picture rayhu on 19 Jul 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

piscesmk2013 picture piscesmk2013  ·  4Comments
iceberg1369 picture iceberg1369  ·  3Comments
d0u9 picture d0u9  ·  4Comments
HenryHo2006 picture HenryHo2006  ·  3Comments
qianguozheng picture qianguozheng  ·  4Comments