Dbus system config for framework and app snaps

Sergey Demyanov sergey at devicehive.com
Mon Jun 1 17:56:25 UTC 2015 

Thank you Jamie,

those links are very helpful and I was able to do some progress with my
snaps.
On snappy vm (amd64) my framework snap installs and registers on dbus, I
can also see dbus config generated for it.

But today I was doing more tests on RPi2 image (latest, 15 Apr build) and I
got permission error after snap install. I have tried the *package-dir-fwk*
example but got the same error:

Jun  1 17:39:09 localhost kernel: [ 3787.848606] audit: type=1400
audit(1433180349.509:13): apparmor="STATUS" operation="profile_load"
profile="unconfined" name="hello-dbus-fwk_srv_1.0.0" pid=1786
comm="apparmor_parser"
Jun  1 17:39:09 localhost systemd[1]: Reloading.
Jun  1 17:39:09 localhost systemd[1]: Started hello-dbus-fwk test service.
Jun  1 17:39:09 localhost systemd[1]: Starting hello-dbus-fwk test
service...
Jun  1 17:39:09 localhost dbus_service.start[1803]: FAIL:
org.freedesktop.DBus.Error.AccessDenied: Connection ":1.26" is not allowed
to own the service "com.canonical.hello-dbus-fwk" due to security policies
in the configuration file
Jun  1 17:39:10 localhost systemd[1]: hello-dbus-fwk_srv_1.0.0.service:
main process exited, code=exited, status=1/FAILURE
Jun  1 17:39:10 localhost systemd[1]: Unit hello-dbus-fwk_srv_1.0.0.service
entered failed state.
Jun  1 17:39:10 localhost systemd[1]: hello-dbus-fwk_srv_1.0.0.service
failed.

I am using last version of snappy-tools while building snap.
Is there something I'm missing?

Below is my system info:

(RaspberryPi2)ubuntu at localhost:~$ sudo snappy list
Name           Date       Version Developer
ubuntu-core    2015-04-10 4
hello-dbus-fwk 2015-06-01 1.0.0
pi2            2015-04-15 0.11    lool

(RaspberryPi2)ubuntu at localhostlsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu Vivid Vervet (development branch)
Release:        15.04
Codename:       vivid



-Sergey



> ---------- Forwarded message ----------
> From: Jamie Strandboge <jamie at canonical.com>
> To: snappy-devel at lists.ubuntu.com
> Cc:
> Date: Fri, 29 May 2015 12:31:01 -0500
> Subject: Re: Dbus system config for framework and app snaps
> On 05/29/2015 10:29 AM, Sergey Demyanov wrote:
> > Hi everyone,
> >
> >
> > I wanted to reiterate question on the way snap developers would
> configure dbus
> > permissions if needed. Since we have to use System bus for snaps by
> default we
> > cannot own and register objects on the bus.
> > As of now the only way is to copy own .config file
> > into /etc/dbus-1/system.d/ but in recent builds that partition is read
> only and
> > remounting seems like a big hack.
> > May be it is possible to allow some namespace prefix for snaps to own or
> include
> > config into snap package and make snappy apply it during install?
> >
> > Should I open bug for this or first discuss here the way to do it?
>
> This was implemented just before 15.04 was released via 'bus-name' in the
> package.yaml for frameworks[1]. Under the hood, when a framework snap
> service
> specifies 'bus-name', snappy will update the system service to include
> BusName=
> and Type=dbus and snappy will also create simple bus policy in
> /etc/dbus-1/system.d. You can see 'hello-dbus' from the snappy-examples[2]
> for a
> working example, or install them on your system:
>
> $ sudo snappy install hello-dbus-fwk
> $ sudo snappy install hello-dbus-app
> $ hello-dbus-app.client
> PASS
>
> [1]https://developer.ubuntu.com/en/snappy/guides/frameworks/
> [2]
> http://bazaar.launchpad.net/~snappy-dev/snappy-hub/snappy-examples/files/head:/hello-dbus/
>
> --
> Jamie Strandboge                 http://www.ubuntu.com/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/snappy-devel/attachments/20150601/bd19a5e1/attachment.html>

More information about the snappy-devel mailing list