workaround for connect no autoconnect interfaces without login on system

knitzsche kyle.nitzsche at canonical.com
Tue Mar 7 14:19:35 UTC 2017 

I don't think the prepare-device script can be used to auto connect, 
probably because it runs confined.

You can request the store to add an auto connection statement to the 
snap declaration assertion.

Cheers
kyleN


On 03/07/2017 05:19 AM, Nicolino Curalli wrote:
> Hi all,
> I implemented hints from James but it doesn't works.
>
> I create a new gadget snap based on pc gadget for amd64, adding a hook directory with a prepare-device hook script.
> I make this script executable.
> I build  an image containg my gadget (domotz-pc), pc-kernel and nmap snap from store.
>
> The layout of my new gadget snap ( named domotz-pc )  just installed is :
>
> ./
>
> -rwxr-xr-x 1 root root 753 Mar  7 00:04 meta/gadget.yaml
> -rw-r--r-- 1 root root 230 Mar  7 09:11 meta/snap.yaml
>
> meta/gui:
>
> -rwxr-xr-x 1 root root 39908 Nov 30 08:18 icon.png
>
> meta/hooks:
>
> -rwxr-xr-x 1 root root 134 Mar  7 09:09 prepare-device
>
> The prepare-device script content is:
>
> ----------
> #!/bin/sh
>
> # enabling network-control interface slot for nmap network-control plug
> snap connect nmap:network-control :network-control
> ----------
>
> After the registration of board by console-conf i find the following I find the following situation on interface side:
>
> :network       nmap
> :network-bind  nmap
> -              nmap:network-control
>
> instead
>
> :network       nmap
> :network-bind  nmap
> :network-control  nmap
>
> as I wish.
>
> I also  have  the following error from Apparmor:
>
> Mar  7 02:23:10 localhost /usr/lib/snapd/snapd[936]: taskrunner.go:353: DEBUG: Running task 77 on Do: Run prepare-device hook
> Mar  7 02:23:10 localhost kernel: [11351843419.508357] audit: type=1400 audit(1488853390.962:25): apparmor="DENIED" operation="exec" profile="snap.domotz-pc.hook.prepare-device" name="/usr/bin/snap" pid=1428 comm="prepare-device" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
> Mar  7 02:23:10 localhost /usr/lib/snapd/snapd[936]: task.go:303: DEBUG: 2017-03-07T02:23:10Z ERROR run hook "prepare-device": /snap/domotz-pc/x1/meta/hooks/prepare-device: 4: /snap/domotz-pc/x1/meta/hooks/prepare-device: snap: Permission denied
> Mar  7 02:28:08 localhost systemd[1]: Starting Update resolvconf for networkd DNS...
> Mar  7 02:28:08 localhost systemd-timesyncd[795]: Network configuration changed, trying to establish connection.
> Mar  7 02:28:08 localhost systemd[1]: Started Update resolvconf for networkd DNS.
> Mar  7 02:28:08 localhost systemd-timesyncd[795]: Synchronized to time server 91.189.94.4:123 (ntp.ubuntu.com).
> Mar  7 02:28:10 localhost /usr/lib/snapd/snapd[936]: taskrunner.go:353: DEBUG: Running task 80 on Do: Run prepare-device hook
> Mar  7 02:28:10 localhost kernel: [11351843719.476882] audit: type=1400 audit(1488853690.938:26): apparmor="DENIED" operation="exec" profile="snap.domotz-pc.hook.prepare-device" name="/usr/bin/snap" pid=1455 comm="prepare-device" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
> Mar  7 02:28:10 localhost /usr/lib/snapd/snapd[936]: task.go:303: DEBUG: 2017-03-07T02:28:10Z ERROR run hook "prepare-device": /snap/domotz-pc/x1/meta/hooks/prepare-device: 4: /snap/domotz-pc/x1/meta/hooks/prepare-device: snap: Permission denied
> Mar  7 02:33:07 localhost systemd[1]: Starting Update resolvconf for networkd DNS...
> Mar  7 02:33:07 localhost systemd-timesyncd[795]: Network configuration changed, trying to establish connection.
> Mar  7 02:33:07 localhost systemd[1]: Started Update resolvconf for networkd DNS.
> Mar  7 02:33:07 localhost systemd-timesyncd[795]: Synchronized to time server 91.189.94.4:123 (ntp.ubuntu.com).
> Mar  7 02:33:10 localhost /usr/lib/snapd/snapd[936]: taskrunner.go:353: DEBUG: Running task 83 on Do: Run prepare-device hook
> Mar  7 02:33:10 localhost kernel: [11351844019.491749] audit: type=1400 audit(1488853990.964:27): apparmor="DENIED" operation="exec" profile="snap.domotz-pc.hook.prepare-device" name="/usr/bin/snap" pid=1475 comm="prepare-device" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
> Mar  7 02:33:10 localhost /usr/lib/snapd/snapd[936]: task.go:303: DEBUG: 2017-03-07T02:33:10Z ERROR run hook "prepare-device": /snap/domotz-pc/x1/meta/hooks/prepare-device: 4: /snap/domotz-pc/x1/meta/hooks/prepare-device: snap: Permission denied
> Mar  7 02:38:07 localhost systemd[1]: Starting Update resolvconf for networkd DNS...
> Mar  7 02:38:07 localhost systemd-timesyncd[795]: Network configuration changed, trying to establish connection.
> Mar  7 02:38:07 localhost systemd[1]: Started Update resolvconf for networkd DNS.
> Mar  7 02:38:07 localhost systemd-timesyncd[795]: Synchronized to time server 91.189.94.4:123 (ntp.ubuntu.com).
> Mar  7 02:38:10 localhost /usr/lib/snapd/snapd[936]: taskrunner.go:353: DEBUG: Running task 86 on Do: Run prepare-device hook
> Mar  7 02:38:10 localhost /usr/lib/snapd/snapd[936]: task.go:303: DEBUG: 2017-03-07T02:38:10Z ERROR run hook "prepare-device": /snap/domotz-pc/x1/meta/hooks/prepare-device: 4: /snap/domotz-pc/x1/meta/hooks/prepare-device: snap: Permission denied
> Mar  7 02:38:10 localhost kernel: [11351844319.456207] audit: type=1400 audit(1488854290.935:28): apparmor="DENIED" operation="exec" profile="snap.domotz-pc.hook.prepare-device" name="/usr/bin/snap" pid=1496 comm="prepare-device" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
>
>
> It seems that is not possible exec a core apps from gadget, then what is the path to the solution for my use case? Perhaps I miss some important thing in prepare-device script?
>
> Thanks in advance for each hints and contribution to solve this use case.
>
>
> Nicolino
>
>

More information about the Snapcraft mailing list