workaround for connect no autoconnect interfaces without login on system

Tue Mar 7 15:05:04 UTC 2017

Hi kyleN
thanks so much for the answer.

A question for go ahead from my side:
how can I request the store to add an auto connection statement to the
snap declaration assertion ?

Thanks a lot

Nicolino

Il 07/03/2017 15:20, knitzsche ha scritto:
> I don't think the prepare-device script can be used to auto connect, 
> probably because it runs confined.
>
> You can request the store to add an auto connection statement to the 
> snap declaration assertion.
>
> Cheers
> kyleN
>
>
> On 03/07/2017 05:19 AM, Nicolino Curalli wrote:
>> Hi all,
>> I implemented hints from James but it doesn't works.
>>
>> I create a new gadget snap based on pc gadget for amd64, adding a hook directory with a prepare-device hook script.
>> I make this script executable.
>> I build  an image containg my gadget (domotz-pc), pc-kernel and nmap snap from store.
>>
>> The layout of my new gadget snap ( named domotz-pc )  just installed is :
>>
>> ./
>>
>> -rwxr-xr-x 1 root root 753 Mar  7 00:04 meta/gadget.yaml
>> -rw-r--r-- 1 root root 230 Mar  7 09:11 meta/snap.yaml
>>
>> meta/gui:
>>
>> -rwxr-xr-x 1 root root 39908 Nov 30 08:18 icon.png
>>
>> meta/hooks:
>>
>> -rwxr-xr-x 1 root root 134 Mar  7 09:09 prepare-device
>>
>> The prepare-device script content is:
>>
>> ----------
>> #!/bin/sh
>>
>> # enabling network-control interface slot for nmap network-control plug
>> snap connect nmap:network-control :network-control
>> ----------
>>
>> After the registration of board by console-conf i find the following I find the following situation on interface side:
>>
>> :network       nmap
>> :network-bind  nmap
>> -              nmap:network-control
>>
>> instead
>>
>> :network       nmap
>> :network-bind  nmap
>> :network-control  nmap
>>
>> as I wish.
>>
>> I also  have  the following error from Apparmor:
>>
>> Mar  7 02:23:10 localhost /usr/lib/snapd/snapd[936]: taskrunner.go:353: DEBUG: Running task 77 on Do: Run prepare-device hook
>> Mar  7 02:23:10 localhost kernel: [11351843419.508357] audit: type=1400 audit(1488853390.962:25): apparmor="DENIED" operation="exec" profile="snap.domotz-pc.hook.prepare-device" name="/usr/bin/snap" pid=1428 comm="prepare-device" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
>> Mar  7 02:23:10 localhost /usr/lib/snapd/snapd[936]: task.go:303: DEBUG: 2017-03-07T02:23:10Z ERROR run hook "prepare-device": /snap/domotz-pc/x1/meta/hooks/prepare-device: 4: /snap/domotz-pc/x1/meta/hooks/prepare-device: snap: Permission denied
>> Mar  7 02:28:08 localhost systemd[1]: Starting Update resolvconf for networkd DNS...
>> Mar  7 02:28:08 localhost systemd-timesyncd[795]: Network configuration changed, trying to establish connection.
>> Mar  7 02:28:08 localhost systemd[1]: Started Update resolvconf for networkd DNS.
>> Mar  7 02:28:08 localhost systemd-timesyncd[795]: Synchronized to time server 91.189.94.4:123 (ntp.ubuntu.com).
>> Mar  7 02:28:10 localhost /usr/lib/snapd/snapd[936]: taskrunner.go:353: DEBUG: Running task 80 on Do: Run prepare-device hook
>> Mar  7 02:28:10 localhost kernel: [11351843719.476882] audit: type=1400 audit(1488853690.938:26): apparmor="DENIED" operation="exec" profile="snap.domotz-pc.hook.prepare-device" name="/usr/bin/snap" pid=1455 comm="prepare-device" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
>> Mar  7 02:28:10 localhost /usr/lib/snapd/snapd[936]: task.go:303: DEBUG: 2017-03-07T02:28:10Z ERROR run hook "prepare-device": /snap/domotz-pc/x1/meta/hooks/prepare-device: 4: /snap/domotz-pc/x1/meta/hooks/prepare-device: snap: Permission denied
>> Mar  7 02:33:07 localhost systemd[1]: Starting Update resolvconf for networkd DNS...
>> Mar  7 02:33:07 localhost systemd-timesyncd[795]: Network configuration changed, trying to establish connection.
>> Mar  7 02:33:07 localhost systemd[1]: Started Update resolvconf for networkd DNS.
>> Mar  7 02:33:07 localhost systemd-timesyncd[795]: Synchronized to time server 91.189.94.4:123 (ntp.ubuntu.com).
>> Mar  7 02:33:10 localhost /usr/lib/snapd/snapd[936]: taskrunner.go:353: DEBUG: Running task 83 on Do: Run prepare-device hook
>> Mar  7 02:33:10 localhost kernel: [11351844019.491749] audit: type=1400 audit(1488853990.964:27): apparmor="DENIED" operation="exec" profile="snap.domotz-pc.hook.prepare-device" name="/usr/bin/snap" pid=1475 comm="prepare-device" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
>> Mar  7 02:33:10 localhost /usr/lib/snapd/snapd[936]: task.go:303: DEBUG: 2017-03-07T02:33:10Z ERROR run hook "prepare-device": /snap/domotz-pc/x1/meta/hooks/prepare-device: 4: /snap/domotz-pc/x1/meta/hooks/prepare-device: snap: Permission denied
>> Mar  7 02:38:07 localhost systemd[1]: Starting Update resolvconf for networkd DNS...
>> Mar  7 02:38:07 localhost systemd-timesyncd[795]: Network configuration changed, trying to establish connection.
>> Mar  7 02:38:07 localhost systemd[1]: Started Update resolvconf for networkd DNS.
>> Mar  7 02:38:07 localhost systemd-timesyncd[795]: Synchronized to time server 91.189.94.4:123 (ntp.ubuntu.com).
>> Mar  7 02:38:10 localhost /usr/lib/snapd/snapd[936]: taskrunner.go:353: DEBUG: Running task 86 on Do: Run prepare-device hook
>> Mar  7 02:38:10 localhost /usr/lib/snapd/snapd[936]: task.go:303: DEBUG: 2017-03-07T02:38:10Z ERROR run hook "prepare-device": /snap/domotz-pc/x1/meta/hooks/prepare-device: 4: /snap/domotz-pc/x1/meta/hooks/prepare-device: snap: Permission denied
>> Mar  7 02:38:10 localhost kernel: [11351844319.456207] audit: type=1400 audit(1488854290.935:28): apparmor="DENIED" operation="exec" profile="snap.domotz-pc.hook.prepare-device" name="/usr/bin/snap" pid=1496 comm="prepare-device" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
>>
>>
>> It seems that is not possible exec a core apps from gadget, then what is the path to the solution for my use case? Perhaps I miss some important thing in prepare-device script?
>>
>> Thanks in advance for each hints and contribution to solve this use case.
>>
>>
>> Nicolino
>>
>>