Receiving a USB device list with libusb4java fails due to AppArmor

Philipp Lorenz p.lorenz at mwaysolutions.com
Mon Apr 27 08:41:40 UTC 2015


Hi,

I've built a snap package which contains a Java installation and some 
own Java classes. Those are used to get a list of connected USB devices 
and their information using the usb4java framework and the snap has been 
configured to run the Java program as a service.
Java is running fine so far, but the USB library gets blocked by AppArmor:

root at localhost:~# dmesg | tail
...
[ 2011.571481] audit: type=1400 audit(1430121893.543:22): 
apparmor="DENIED" operation="open" 
profile="rda-watchdog.sideload_rda-watchdog_0.1" name="/sys/bus/" 
pid=1648 comm="java" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[ 2011.571587] audit: type=1400 audit(1430121893.543:23): 
apparmor="DENIED" operation="open" 
profile="rda-watchdog.sideload_rda-watchdog_0.1" name="/sys/class/" 
pid=1648 comm="java" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

It seems like the library needs access to a lot of sub-directories of 
/sys/ in order to find out which USB devices are connected.
For granting access to single device nodes, I know there is "snappy 
hw-assign", but is there also a way to "unblock" the /sys/ directory for 
reading? Changing the AppArmor profile by hand and compiling it seems to 
be a bad option since the changes get lost on updates and/or re-installs.

Thanks in advance for any help!



More information about the snappy-devel mailing list