Access denied on dbus for MM with plug connected
Jamie Strandboge
jamie at canonical.com
Fri Feb 17 14:45:50 UTC 2017
On Fri, 2017-02-17 at 15:06 +0100, Maciej Kisielewski wrote:
> Hey folks!
>
> There is a problem when I talk to ModemManager via dbus from Checkbox.
> At first I thought there was something wrong with how we're controlling
> the execution from Checkbox, but right now, it boils down to:
>
> checkbox-snappy.python3 -c "import dbus;
> dbus.Interface(dbus.SystemBus().get_object('org.freedesktop.ModemManager1',
> '/org/freedesktop/ModemManager1'),
> 'org.freedesktop.DBus.ObjectManager').GetManagedObjects()"
> raising DBusException [2]
>
> That python3 'app' has `modem-manager` plug declared, and connected.
> The same command run with sudo runs ok.
>
> Any thoughts what I'm doing wrong, or is it a genuine bug in snapd?
>
> [1] https://bugs.launchpad.net/snapd/+bug/1659272
> [2] http://paste.ubuntu.com/24013610/
>
You aren't doing anything wrong. The modem-manager interface has this for its
dbus bus policy:
<policy user="root">
<allow own="org.freedesktop.ModemManager1"/>
<allow send_destination="org.freedesktop.ModemManager1"/>
</policy>
<policy context="default">
<deny own="org.freedesktop.ModemManager1"/>
<deny send_destination="org.freedesktop.ModemManager1"/>
</policy>
This is saying that you must be root to use modem-manager. This is written this
way here (and other system services) so that non-root logged in users can't
perform privileged operations via the interfaces. The very simplistic policy is
a result of polkit not being available in core yet. polkit is something the
Personal team is looking at enabling in snappy. Once polkit is available, then
that allows for the various fine-grained access controls polkit offers.
--
Jamie Strandboge | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/snapcraft/attachments/20170217/57607c49/attachment.sig>
More information about the Snapcraft
mailing list