Building native apps

Gábor Paller gaborpaller at gmail.com
Tue Feb 17 13:45:52 UTC 2015 

Thanks, Sergio, this was a very useful example. Something is still not
right on my side, however.

I restructured my package according to your example and created an apparmor
file. Here is the apparmor file right from the device (to prove that it was
correctly packaged and installed :-))

root at localhost:/apps/fswebcam/20140113/meta# cat fswebcam.apparmor

{

    "template": "default",

    "policy_vendor": "ubuntu-snappy",

    "policy_version": 1.3,

    "policy_groups": [

        "networking"

    ],

    "read_path": [

                "/dev/video0"

   ],

   "write_path": [

                "/dev/video0"

   ]

}

I granted both read and write permissions as fswebcam opens the device with
O_RDWR.

If I execute the application from under the /apps tree, it works correctly.

root at localhost:/apps/fswebcam/20140113#
/apps/fswebcam/20140113/magic-bin/fswebc
am

snapp_name: fswebcam

snapp_bin: fswebcam

snapp_dir: /apps/fswebcam/20140113

snapp_org_bin: fswebcam

plat_abi: arm-linux-gnueabihf

LD_LIBRARY_PATH: /apps/fswebcam/20140113/lib/arm-linux-gnueabihf/:

--- Opening /dev/video0...

Trying source module v4l2...

/dev/video0 opened.

...

However, if I execute it using the $HOME/snappy-bin/fswebcam.fswebcam
script, there is still privilege problem:

root at localhost:~/snappy-bin# ./fswebcam.fswebcam

snapp_name: fswebcam

snapp_bin: fswebcam

snapp_dir: /apps/fswebcam/20140113

snapp_org_bin: fswebcam

plat_abi: arm-linux-gnueabihf

LD_LIBRARY_PATH: /apps/fswebcam/20140113/lib/arm-linux-gnueabihf/:

--- Opening /dev/video0...

Trying source module v4l2...

Error opening device: /dev/video0

open: Permission denied

Regards,
Gabor


On Tue, Feb 17, 2015 at 12:53 PM, Sergio Schvezov <
sergio.schvezov at canonical.com> wrote:

> On martes 17 de febrero de 2015 08h'49:34 BRST, Gábor Paller wrote:
>
>> The launcher you are referring is under $HOME/snappy-bin, right?
>>
>> I successfully compiled the popular fswebcam application and it works but
>> I can't get it to work with the launcher. ($HOME/snappy-bin/fswebcam.
>> fswebcam).
>> All the commands below are issued as root.
>>
>
> Take a look at https://github.com/sergiusens/camlistore.snap
>
> in there the references point to the wrapper scripts; the wrapper scripts
> take care of launching for the right architecture by setting up the paths
> (bin and ld) correctly.
>
> I did not upload the binaries to github, but you can maybe infer that
>
>    bin/$arch/$real_arch_binary
>
> is where the binaries live. I don't have libs in this package, but it gets
> setup to look at
>
>    lib/$arch/$arch_library
>
>  If I launch it directly from under the /apps tree, it works nicely (after
>> having set the LD_LIBRARY_PATH to the lib directory of my snap).
>>
>> root at localhost:/apps/fswebcam/20140113/bin# ./fswebcam
>> /home/ubuntu/1.jpg       --- Opening /dev/video0...
>>                               Trying source module v4l2...
>>                                   /dev/video0 opened.
>> ...
>>
>> I hacked into the $HOME/snappy-bin/fswebcam.fswebcam file that was
>> created automatically during package installation and added the
>> LD_LIBRARY_PATH.
>>
>> ...
>> export SNAPP_LIB="$SNAPP_APP_PATH/lib"
>> export LD_LIBRARY_PATH=$SNAPP_LIB:$LD_LIBRARY_PATH
>> ...
>>
>> Then executed the resulting fswebcam.fswebcam.
>>
>> root at localhost:~/snappy-bin# ./fswebcam.fswebcam
>>         --- Opening /dev/video0...
>>             Trying source module v4l2...
>>                 Error opening device: /dev/video0
>>                      open: Permission denied
>> Clearly, somehow I lose access rights to /dev/video0. How can it be?
>>
>
> Because even if it's running as root; it's not the root you are used to
> (it's kind like the Solaris 10 root role).
>
> root runs without priviledges to anything as it's gated by apparmor's
> confinement rules; to overcome this for now, do something like shown here
>
> https://github.com/sergiusens/camlistore.snap/blob/master/
> meta/camlistored.apparmor
>
> but replace the read_path and write_path with /dev/video0
>
> This is temporary and you can refer to Jamie's email to the list (the
> devel one IIRC) for details on how this is going to be solved at the
> general level.
>
> Keep in mind that using read and write paths triggers a manual review on
> the store.
>
> Cheers
> Sergio
>
>
> --
> snappy-app-devel mailing list
> snappy-app-devel at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/
> mailman/listinfo/snappy-app-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/snappy-app-devel/attachments/20150217/d85a20c9/attachment.html>

More information about the snappy-app-devel mailing list