From 9a2aad16adff0cc9cf6d7ce8d6a7bd7cd09810bc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9E=97=E5=8D=9A=E4=BB=81=28Buo-Ren=20Lin=29?=
 <Buo.Ren.Lin@gmail.com>
Date: Thu, 29 Mar 2018 17:59:48 +0800
Subject: [PATCH] Add removable-media plug so that scripts in removable media
 can be checked
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Otherwise it will be blocked by Apparmor with the following message:

```
$ shellcheck script
audit: type=1400 audit(TIMESTAMP): apparmor="DENIED" operation="open" profile="snap.shellcheck.shellcheck" name=2F6D656469612F4C696E2D42756F2D52656E2F57696E646F7773205553422F717569636B72756E pid=10175 comm="shellcheck" requested_mask="r" denied_mask="r" fsuid=FSUID ouid=OUID
script: script: openBinaryFile: permission denied (Permission denied)
```

NOTE:

* This plug is not Auto-connect plug, it has to be manually connected by user with `snap connect shellcheck:removable-media :removable-media`
* Currently files under /mnt is not checkable as snapd doesn't provide an interface for it for now.

Refer-to: Interfaces reference - Snaps are universal Linux packages <https://docs.snapcraft.io/reference/interfaces>
Signed-off-by: 林博仁(Buo-Ren Lin) <Buo.Ren.Lin@gmail.com>
---
 snap/snapcraft.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml
index 0854217..09fe2cc 100644
--- a/snap/snapcraft.yaml
+++ b/snap/snapcraft.yaml
@@ -22,7 +22,7 @@ confinement: strict
 apps:
   shellcheck:
     command: usr/bin/shellcheck
-    plugs: [home]
+    plugs: [home, removable-media]
 
 parts:
   shellcheck: