Issues using dbus in strict
Jamie Strandboge
jamie at canonical.com
Mon Apr 3 16:12:32 UTC 2017
On Mon, 2017-04-03 at 17:57 +0300, Sergey Borovkov wrote:
> Hi, I manually connected interfaces. But the issue is that it can't even
> connect to system bus? Before trying to call any methods.
>
I'm slightly confused, so let's back up. It sounds like you are saying that you
install the snap and the client isn't allowed to connect to the system bus
before the interfaces are connected. Once the interfaces are connected, things
work correctly. Is this accurate?
If so, this is how the dbus interface is designed. The slots side (the service)
is given enough permissions to run at all (eg, to connect to the system bus to
bind to the well-known name) and the client has no permissions to use the
service until a connection is made. Since your client isn't plugging anything
else that uses the system bus, access to the system bus itself will be denied
until interfaces that allow access to it are connected (eg, you connect your
client to your service).
If not, can you please describe the steps taken when you see the issue?
> root at localhost:/home/pi# snap interfaces
> Slot Plug
> :account-control -
> :alsa -
> :autopilot-introspection -
> :bluetooth-control -
> :browser-support screenly-client:browser-support-plug
> :camera -
> :classic-support -
> :core-support core
> :dcdbas-control -
> :docker-support -
> :firewall-control -
> :framebuffer screenly-client
> :fuse-support -
> :hardware-observe -
> :home -
> :io-ports-control -
> :kernel-module-control -
> :locale-control -
> :log-observe screenly-client
> :lxd-support -
> :mount-observe -
> :network screenly-client,screenly-pi3
> :network-bind core,screenly-client
> :network-control -
> :network-observe -
> :network-setup-control -
> :network-setup-observe -
> :opengl screenly-client
> :openvswitch-support -
> :physical-memory-control -
> :physical-memory-observe -
> :ppp -
> :process-control -
> :raw-usb -
> :removable-media -
> :shutdown -
> :snapd-control -
> :system-observe -
> :system-trace -
> :time-control -
> :timeserver-control -
> :timezone-control -
> :tpm -
> :uhid -
> screenly-client:playlist-dbus-server screenly-client:playlist-dbus-client
> screenly-pi3:bcm-gpio-0 -
> screenly-pi3:bcm-gpio-1 -
> screenly-pi3:bcm-gpio-10 -
> screenly-pi3:bcm-gpio-11 -
> screenly-pi3:bcm-gpio-12 -
> screenly-pi3:bcm-gpio-13 -
> screenly-pi3:bcm-gpio-14 -
> screenly-pi3:bcm-gpio-15 -
> screenly-pi3:bcm-gpio-16 -
> screenly-pi3:bcm-gpio-17 -
> screenly-pi3:bcm-gpio-18 -
> screenly-pi3:bcm-gpio-19 -
> screenly-pi3:bcm-gpio-2 -
> screenly-pi3:bcm-gpio-20 -
> screenly-pi3:bcm-gpio-21 -
> screenly-pi3:bcm-gpio-22 -
> screenly-pi3:bcm-gpio-23 -
> screenly-pi3:bcm-gpio-24 -
> screenly-pi3:bcm-gpio-25 -
> screenly-pi3:bcm-gpio-26 -
> screenly-pi3:bcm-gpio-3 -
> screenly-pi3:bcm-gpio-4 -
> screenly-pi3:bcm-gpio-5 -
> screenly-pi3:bcm-gpio-6 -
> screenly-pi3:bcm-gpio-7 -
> screenly-pi3:bcm-gpio-8 -
> screenly-pi3:bcm-gpio-9 -
> - screenly-pi3:snapd-control
>
>
> On 3 April 2017 at 16:58, Jamie Strandboge <jamie at canonical.com> wrote:
>
> >
> > On Fri, 2017-03-31 at 17:55 +0300, Sergey Borovkov wrote:
> >
> > ...
> >
> > >
> > > Mar 31 12:44:02 localhost.localdomain kernel: audit: type=1400
> > > audit(1490964242.523:72): apparmor="DENIED" operation="connect" profile=
> > > "snap.screenly-client.websocket" name="/run/dbus/system_bus_socket"
> > > pid=1466 comm="python3" req
> > > Mar 31 12:44:02 localhost.localdomain audit[1466]: AVC apparmor="DENIED"
> > > operation="connect" profile="snap.screenly-client.websocket" name="/
> > > run/dbus/system_bus_socket" pid=1466 comm="python3" requested_mask="wr"
> > > denied_mask="wr"
> > >
> > > I am not sure if I need to use some additional interfaces - to get it
> > > working under devmode I've used the following code (And I can't find
> > > anything relevant in wiki):
> > >
> > > playlist:
> > > command: usr/bin/playlist-service.sh
> > > daemon: simple
> > > plugs: [network-bind, network]
> > > slots: [playlist-dbus-server]
> > >
> > > websocket:
> > > command: usr/bin/websocket-service.sh
> > > daemon: simple
> > > plugs: [network-bind, network, playlist-dbus-client]
> > >
> > > slots:
> > > playlist-dbus-server:
> > > interface: dbus
> > > name: com.screenly.playlist
> > > bus: system
> > >
> > > plugs:
> > > playlist-dbus-client:
> > > interface: dbus
> > > name: com.screenly.playlist
> > > bus: system
> > You shouldn't need additional interfaces. It sounds like your interfaces
> > are not
> > connected. What is the output of 'snap interfaces'?
> >
> > --
> > Jamie Strandboge | http://www.canonical.com
> >
> >
> > --
> > Snapcraft mailing list
> > Snapcraft at lists.snapcraft.io
> > Modify settings or unsubscribe at: https://lists.ubuntu.com/
> > mailman/listinfo/snapcraft
> >
> >
--
Jamie Strandboge | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/snapcraft/attachments/20170403/5a94db07/attachment.sig>
More information about the Snapcraft
mailing list