yq fails with "permission denied"

Question

Why does this fail in the terminal of vscode?

cat foo.json | yq -P  > foo.yaml

Error: write /dev/stdout: permission denied

But this does work:

cat foo.json | yq -P | cat > foo.yaml

I can create the file "foo.yaml" with touch and remove it with rm.

I don't think it is related to file/directory permissions.

I think it must be something special about the tool yq.

No sudo is involved.

OS: Ubuntu 22.04

This only happens in the console of vscode, it works in a gnome-terminal.

yq is installed via snap.

It could be related to this issue: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1849753

Answer 1

The reason is that snap is using some security confinements. Here write files outside of the home directory. Usually there is the switch --classic to snap to overcome this.

But yq was packaged in a special way and complains:

Warning: flag --classic ignored for strictly confined snap yq

in my case I wanted to manipulate files under /etc. For this add:

mkdir -p /var/snap/yq/common/etc
mount --bind /etc/ /var/snap/yq/common/etc

Make the binding permanent and add to /etc/fstab

/etc /var/snap/yq/common/etc none bind 0 0

Now snap must operate within the path /var/snap/yq/common/etcand it can write.

An alternative is to move the file to /var/snap/yq/common/ edit it there and copy it back.

I know this packaging approach kills the flexibility of the tool, but I found no other way.

Answer 2

Not a solution of the root cause, but at least an explanation and a work around:

This is related to vscode, not to yq.

The same happens with other commands. For example: kubectl:

kubectl run --image=nginx nginx --dry-run=client -o yaml  > p.yaml

error: write /dev/stdout: permission denied

I never understood why snap was created. It seems to be related to this issue: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1849753

I installed kubectl (and yq) via brew for linux and now I don't get the "permission denied" error.