workaround for connect no autoconnect interfaces without login on system

Jamie Strandboge jamie at canonical.com
Fri Mar 10 12:20:24 UTC 2017 

Resending since this (and a few other emails) got caught up in a filter that was
recently activated for this list.

On Tue, 2017-03-07 at 08:36 -0600, Jamie Strandboge wrote:
> On Tue, 2017-03-07 at 09:19 -0500, knitzsche wrote:
> > 
> > I don't think the prepare-device script can be used to auto connect, 
> > probably because it runs confined.
> > 
> > You can request the store to add an auto connection statement to the 
> > snap declaration assertion.
> Well, that is a technical solution but this is a big hammer since it means all
> users of the snap don't have a say in the connection of the interface[1]
> (things
> are set to manually connect for a reason :).
> 
> Gadget developers are supposed to have a voice in what is autoconnected on
> their
> devices and it seems that Nicolino is asking for advice on how to make that
> happen. This comes up from time to time so once there is a definitive answer,
> this sounds like a great opportunity for some documentation. :)
> 
> [1] of course they can manually disconnect after the fact, but users need to
> know to do this
> 
> > 
> > 
> > On 03/07/2017 05:19 AM, Nicolino Curalli wrote:
> > > 
> > > 
> > > Hi all,
> > > I implemented hints from James but it doesn't works.
> > > 
> > > I create a new gadget snap based on pc gadget for amd64, adding a hook
> > > directory with a prepare-device hook script.
> > > I make this script executable.
> > > I build  an image containg my gadget (domotz-pc), pc-kernel and nmap snap
> > > from store.
> > > 
> > > The layout of my new gadget snap ( named domotz-pc )  just installed is :
> > > 
> > > ./
> > > 
> > > -rwxr-xr-x 1 root root 753 Mar  7 00:04 meta/gadget.yaml
> > > -rw-r--r-- 1 root root 230 Mar  7 09:11 meta/snap.yaml
> > > 
> > > meta/gui:
> > > 
> > > -rwxr-xr-x 1 root root 39908 Nov 30 08:18 icon.png
> > > 
> > > meta/hooks:
> > > 
> > > -rwxr-xr-x 1 root root 134 Mar  7 09:09 prepare-device
> > > 
> > > The prepare-device script content is:
> > > 
> > > ----------
> > > #!/bin/sh
> > > 
> > > # enabling network-control interface slot for nmap network-control plug
> > > snap connect nmap:network-control :network-control
> > > ----------
> > > 
> > > After the registration of board by console-conf i find the following I
> > > find
> > > the following situation on interface side:
> > > 
> > > :network       nmap
> > > :network-bind  nmap
> > > -              nmap:network-control
> > > 
> > > instead
> > > 
> > > :network       nmap
> > > :network-bind  nmap
> > > :network-control  nmap
> > > 
> > > as I wish.
> > > 
> > > I also  have  the following error from Apparmor:
> > > 
> > > Mar  7 02:23:10 localhost /usr/lib/snapd/snapd[936]: taskrunner.go:353:
> > > DEBUG: Running task 77 on Do: Run prepare-device hook
> > > Mar  7 02:23:10 localhost kernel: [11351843419.508357] audit: type=1400
> > > audit(1488853390.962:25): apparmor="DENIED" operation="exec"
> > > profile="snap.domotz-pc.hook.prepare-device" name="/usr/bin/snap" pid=1428
> > > comm="prepare-device" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
> > > Mar  7 02:23:10 localhost /usr/lib/snapd/snapd[936]: task.go:303: DEBUG:
> > > 2017-03-07T02:23:10Z ERROR run hook "prepare-device": /snap/domotz-
> > > pc/x1/meta/hooks/prepare-device: 4: /snap/domotz-pc/x1/meta/hooks/prepare-
> > > device: snap: Permission denied
> > > Mar  7 02:28:08 localhost systemd[1]: Starting Update resolvconf for
> > > networkd DNS...
> > > Mar  7 02:28:08 localhost systemd-timesyncd[795]: Network configuration
> > > changed, trying to establish connection.
> > > Mar  7 02:28:08 localhost systemd[1]: Started Update resolvconf for
> > > networkd
> > > DNS.
> > > Mar  7 02:28:08 localhost systemd-timesyncd[795]: Synchronized to time
> > > server 91.189.94.4:123 (ntp.ubuntu.com).
> > > Mar  7 02:28:10 localhost /usr/lib/snapd/snapd[936]: taskrunner.go:353:
> > > DEBUG: Running task 80 on Do: Run prepare-device hook
> > > Mar  7 02:28:10 localhost kernel: [11351843719.476882] audit: type=1400
> > > audit(1488853690.938:26): apparmor="DENIED" operation="exec"
> > > profile="snap.domotz-pc.hook.prepare-device" name="/usr/bin/snap" pid=1455
> > > comm="prepare-device" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
> > > Mar  7 02:28:10 localhost /usr/lib/snapd/snapd[936]: task.go:303: DEBUG:
> > > 2017-03-07T02:28:10Z ERROR run hook "prepare-device": /snap/domotz-
> > > pc/x1/meta/hooks/prepare-device: 4: /snap/domotz-pc/x1/meta/hooks/prepare-
> > > device: snap: Permission denied
> > > Mar  7 02:33:07 localhost systemd[1]: Starting Update resolvconf for
> > > networkd DNS...
> > > Mar  7 02:33:07 localhost systemd-timesyncd[795]: Network configuration
> > > changed, trying to establish connection.
> > > Mar  7 02:33:07 localhost systemd[1]: Started Update resolvconf for
> > > networkd
> > > DNS.
> > > Mar  7 02:33:07 localhost systemd-timesyncd[795]: Synchronized to time
> > > server 91.189.94.4:123 (ntp.ubuntu.com).
> > > Mar  7 02:33:10 localhost /usr/lib/snapd/snapd[936]: taskrunner.go:353:
> > > DEBUG: Running task 83 on Do: Run prepare-device hook
> > > Mar  7 02:33:10 localhost kernel: [11351844019.491749] audit: type=1400
> > > audit(1488853990.964:27): apparmor="DENIED" operation="exec"
> > > profile="snap.domotz-pc.hook.prepare-device" name="/usr/bin/snap" pid=1475
> > > comm="prepare-device" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
> > > Mar  7 02:33:10 localhost /usr/lib/snapd/snapd[936]: task.go:303: DEBUG:
> > > 2017-03-07T02:33:10Z ERROR run hook "prepare-device": /snap/domotz-
> > > pc/x1/meta/hooks/prepare-device: 4: /snap/domotz-pc/x1/meta/hooks/prepare-
> > > device: snap: Permission denied
> > > Mar  7 02:38:07 localhost systemd[1]: Starting Update resolvconf for
> > > networkd DNS...
> > > Mar  7 02:38:07 localhost systemd-timesyncd[795]: Network configuration
> > > changed, trying to establish connection.
> > > Mar  7 02:38:07 localhost systemd[1]: Started Update resolvconf for
> > > networkd
> > > DNS.
> > > Mar  7 02:38:07 localhost systemd-timesyncd[795]: Synchronized to time
> > > server 91.189.94.4:123 (ntp.ubuntu.com).
> > > Mar  7 02:38:10 localhost /usr/lib/snapd/snapd[936]: taskrunner.go:353:
> > > DEBUG: Running task 86 on Do: Run prepare-device hook
> > > Mar  7 02:38:10 localhost /usr/lib/snapd/snapd[936]: task.go:303: DEBUG:
> > > 2017-03-07T02:38:10Z ERROR run hook "prepare-device": /snap/domotz-
> > > pc/x1/meta/hooks/prepare-device: 4: /snap/domotz-pc/x1/meta/hooks/prepare-
> > > device: snap: Permission denied
> > > Mar  7 02:38:10 localhost kernel: [11351844319.456207] audit: type=1400
> > > audit(1488854290.935:28): apparmor="DENIED" operation="exec"
> > > profile="snap.domotz-pc.hook.prepare-device" name="/usr/bin/snap" pid=1496
> > > comm="prepare-device" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
> > > 
> > > 
> > > It seems that is not possible exec a core apps from gadget, then what is
> > > the
> > > path to the solution for my use case? Perhaps I miss some important thing
> > > in
> > > prepare-device script?
> > > 
> > > Thanks in advance for each hints and contribution to solve this use case.
> > > 
> > > 
> > > Nicolino
> > > 
> > > 
-- 
Jamie Strandboge             | http://www.canonical.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/snapcraft/attachments/20170310/e07eaf56/attachment.sig>

More information about the Snapcraft mailing list