Receiving a USB device list with libusb4java fails due to AppArmor
Philipp Lorenz
p.lorenz at mwaysolutions.com
Tue Apr 28 07:30:07 UTC 2015
Hi Sergio,
After extracting the meta directory from the docker snap, I figured out
how to add custom AppArmor and seccomp profiles.
Thanks a bunch!
Philipp
Am 27.04.2015 um 22:39 schrieb Sergio Schvezov:
>
>
> El lunes, 27 de abril de 2015 10h'41:40 CEST, Philipp Lorenz escribió:
>> Hi,
>>
>> I've built a snap package which contains a Java installation and some
>> own Java classes. Those are used to get a list of connected USB
>> devices and their information using the usb4java framework and the
>> snap has been configured to run the Java program as a service.
>> Java is running fine so far, but the USB library gets blocked by
>> AppArmor:
>>
>> root at localhost:~# dmesg | tail
>> ...
>> [ 2011.571481] audit: type=1400 audit(1430121893.543:22):
>> apparmor="DENIED" operation="open"
>> profile="rda-watchdog.sideload_rda-watchdog_0.1" name="/sys/bus/"
>> pid=1648 comm="java" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
>> [ 2011.571587] audit: type=1400 audit(1430121893.543:23):
>> apparmor="DENIED" operation="open"
>> profile="rda-watchdog.sideload_rda-watchdog_0.1" name="/sys/class/"
>> pid=1648 comm="java" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
>>
>> It seems like the library needs access to a lot of sub-directories of
>> /sys/ in order to find out which USB devices are connected.
>> For granting access to single device nodes, I know there is "snappy
>> hw-assign", but is there also a way to "unblock" the /sys/ directory
>> for reading? Changing the AppArmor profile by hand and compiling it
>> seems to be a bad option since the changes get lost on updates and/or
>> re-installs.
>>
>> Thanks in advance for any help!
>
> You can look at docker on snappy hub or install docker and look at the
> package layout under /apps or look at installing webdm and use it for
> inspiration.
>
>
More information about the snappy-devel
mailing list