Receiving a USB device list with libusb4java fails due to AppArmor

Philipp Lorenz p.lorenz at
Tue Apr 28 07:30:07 UTC 2015

Hi Sergio,

After extracting the meta directory from the docker snap, I figured out 
how to add custom AppArmor and seccomp profiles.

Thanks a bunch!

Am 27.04.2015 um 22:39 schrieb Sergio Schvezov:
> El lunes, 27 de abril de 2015 10h'41:40 CEST, Philipp Lorenz escribió:
>> Hi,
>> I've built a snap package which contains a Java installation and some 
>> own Java classes. Those are used to get a list of connected USB 
>> devices and their information using the usb4java framework and the 
>> snap has been configured to run the Java program as a service.
>> Java is running fine so far, but the USB library gets blocked by 
>> AppArmor:
>> root at localhost:~# dmesg | tail
>> ...
>> [ 2011.571481] audit: type=1400 audit(1430121893.543:22): 
>> apparmor="DENIED" operation="open" 
>> profile="rda-watchdog.sideload_rda-watchdog_0.1" name="/sys/bus/" 
>> pid=1648 comm="java" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
>> [ 2011.571587] audit: type=1400 audit(1430121893.543:23): 
>> apparmor="DENIED" operation="open" 
>> profile="rda-watchdog.sideload_rda-watchdog_0.1" name="/sys/class/" 
>> pid=1648 comm="java" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
>> It seems like the library needs access to a lot of sub-directories of 
>> /sys/ in order to find out which USB devices are connected.
>> For granting access to single device nodes, I know there is "snappy 
>> hw-assign", but is there also a way to "unblock" the /sys/ directory 
>> for reading? Changing the AppArmor profile by hand and compiling it 
>> seems to be a bad option since the changes get lost on updates and/or 
>> re-installs.
>> Thanks in advance for any help!
> You can look at docker on snappy hub or install docker and look at the 
> package layout under /apps or look at installing webdm and use it for 
> inspiration.

More information about the snappy-devel mailing list