snap: tor's cookie file not visible for Bitcoin Core

[cricktor]

My OS is Ubuntu 22.04 and Bitcoin Core v23.0.0 is installed via the official snap package. Tor 0.4.7.8 is installed from official torproject.org deb repo.

/etc/tor/torrc contains:

ControlPort 9051
CookieAuthentication 1
CookieAuthFileGroupReadable 1

Regarding tor and such ~/snap/bitcoin-core/common/.bitcoin/bitcoin.conf contains:

# Network
listen=1
listenonion=1
proxy=127.0.0.1:9050
bind=127.0.0.1
debug=tor

The user account which runs Bitcoin Core is member of the debian-tor group and I have verified that the file
/run/tor/control.authcookie is readable for my user account. So no filesystem permission issue here. The cookie file has sufficient permissions to be readable for Bitcoin Core running with my user account.

Unfortunately this doesn't seem to work with the snap isolation as the following issue is still logged in Core's debug.log:

2022-06-24T07:52:03Z tor: Supported authentication method: COOKIE
2022-06-24T07:52:03Z tor: Supported authentication method: SAFECOOKIE
2022-06-24T07:52:03Z tor: Using SAFECOOKIE authentication, reading cookie authentication from /run/tor/control.authcookie
2022-06-24T07:52:03Z tor: Authentication cookie /run/tor/control.authcookie could not be opened (check permissions)

Sorry, I don't know much about snaps but I suspect maybe a system file interface is missing to allow Core to access and read files in /run/tor/ directory?

Bitcoin Core synchronizes and connects to peer but it seems to me it can't setup a hidden tor service and is likely not accessible via an onion address. At least I don't see anything in the logs that indicate such.
I'll gladly provide any additional information that I might have missed to give here for now and appreciate any help. I can do additional tests or tweaks if needed, just provide me some details what you would like me to do.

[maflcko]

Sounds good. Do you want to create a patch?

[cricktor]

Sorry, I likely currently lack the knowledge to do that. Snap config is mostly very new to me. I don't expect it to be rocket science but still I have no clue where to look at.

I can confirm that with current Bitcoin Core v23.0.0 installed from the tarball (saved data from snap and uninstalled the snap package from my Ubuntu) there is no read issue with the cookie file /run/tor/config.authcookie (as expected, no other changes have been made with my setup).

From debug.log of Bitcoin Core from tarball:

2022-06-24T10:26:08Z tor: Successfully connected!
2022-06-24T10:26:08Z tor: Connected to Tor version 0.4.7.8
2022-06-24T10:26:08Z tor: Supported authentication method: COOKIE
2022-06-24T10:26:08Z tor: Supported authentication method: SAFECOOKIE
2022-06-24T10:26:08Z tor: Using SAFECOOKIE authentication, reading cookie authentication from /run/tor/control.authcookie
...
2022-06-24T10:26:08Z tor: SAFECOOKIE authentication challenge successful
2022-06-24T10:26:08Z tor: AUTHCHALLENGE ServerHash <redacted> ServerNonce <redacted>
2022-06-24T10:26:08Z tor: Authentication successful
2022-06-24T10:26:08Z init message: <redacted>
2022-06-24T10:26:08Z GUI: Platform customization: "other"
2022-06-24T10:26:08Z tor: ADD_ONION successful
2022-06-24T10:26:08Z tor: Got service ID <redacted>, advertising service <redacted>.onion:8333
2022-06-24T10:26:08Z tor: Cached service private key to /home/<redacted>/.bitcoin/onion_v3_private_key
2022-06-24T10:26:08Z AddLocal(<redacted>.onion:8333,4)
...

[cricktor]

Sounds good. Do you want to create a patch?

I assume something needs to be added to the various plugs: entries of the snapcraft.yaml, but it's probably preferable to restrict the read access to specific paths needed here, namely /run/tor/ if we assume a standard tor config.

I have no idea how to do that.