jwallden / nebula-snap

Snap package for Nebula overlay networking tool
MIT License

unable to read pki.ca file ca.crt: open ca.crt: permission denied #5

Open cblt2l opened 2 years ago

cblt2l commented 2 years ago

I installed the nebula snap (without devmode) & copied the certs & config to the relevant directories per the README.

Trying to start nebula (as root) gives the following:

ERRO[0000] Failed to load ca from config error="unable to read pki.ca file ca.crt: open ca.crt: permission denied"

I tried chmod 777'ing the ca.crt, but got the same result. I then reinstalled the snap with --devmode and nebula runs with no issues.

I would like to run with strict confinement if possible. This may be a similar issue to #4; however, everything is already owned by root.

root@localhost ~# whoami
root

root@localhost ~# ls -l /var/snap/nebula/common/certs/
total 16
-rwxr-xr-x 1 root root 247 Jul 24 18:17 ca.crt*
-rw------- 1 root root 304 Jul 24 18:17 Lighthouse-2.crt
-rw------- 1 root root 127 Jul 24 18:17 Lighthouse-2.key

root@localhost ~# ls -l /var/snap/nebula/common/config/
total 12
-rw-r--r-- 1 root root 10605 Jul 24 18:17 config.yaml

root@localhost ~# snap --version
snap    2.56.2
snapd   2.56.2
series  16
ubuntu  20.04
kernel  5.4.0-122-generic

And from my config.yaml:

pki:
  ca: ca.crt
  cert: Lighthouse-2.crt
  key: Lighthouse-2.key

jwallden commented 1 year ago

Apologies for the late reply. Have you managed to resolve this?

cblt2l commented 1 year ago

No, unfortunately not. I ended up running it in a Docker container.

joshaspinall commented 1 year ago

The configuration file is required to be owned by the root user. It is not possible to be created in the folder unless this is true. If you're able to confirm @cblt2l that this is/was the case; otherwise @jwallden recommend closure.