Dbus system config for framework and app snaps

sergey at devicehive.com sergey at devicehive.com
Mon Jun 1 18:51:30 UTC 2015

Thank you Jamie, 

those links are very helpful and I was able to do some progress with my snaps. 
On snappy vm (amd64) my framework snap installs and registers on dbus, I can also see 
dbus config generated for it.

But today I was doing more tests on RPi2 image (latest, 15 Apr build) and I got permission 
error after snap install. I have tried the package-dir-fwk example but got the same error:

Jun  1 17:39:09 localhost kernel: [ 3787.848606] audit: type=1400 audit(1433180349.509:13): 
apparmor="STATUS" operation="profile_load" profile="unconfined" 
name="hello-dbus-fwk_srv_1.0.0" pid=1786 comm="apparmor_parser"
Jun  1 17:39:09 localhost systemd[1]: Reloading.
Jun  1 17:39:09 localhost systemd[1]: Started hello-dbus-fwk test service.
Jun  1 17:39:09 localhost systemd[1]: Starting hello-dbus-fwk test service...
Jun  1 17:39:09 localhost dbus_service.start[1803]: FAIL: 
org.freedesktop.DBus.Error.AccessDenied: Connection ":1.26" is not allowed to own the 
service "com.canonical.hello-dbus-fwk" due to security policies in the configuration file
Jun  1 17:39:10 localhost systemd[1]: hello-dbus-fwk_srv_1.0.0.service: main process exited, 
code=exited, status=1/FAILURE
Jun  1 17:39:10 localhost systemd[1]: Unit hello-dbus-fwk_srv_1.0.0.service entered failed 
Jun  1 17:39:10 localhost systemd[1]: hello-dbus-fwk_srv_1.0.0.service failed.

I am using last version of snappy-tools while building snap. 
Is there something I'm missing? 

Below is my system info:

(RaspberryPi2)ubuntu at localhost:~$ sudo snappy list
Name           Date       Version Developer
ubuntu-core    2015-04-10 4
hello-dbus-fwk 2015-06-01 1.0.0
pi2            2015-04-15 0.11    lool

(RaspberryPi2)ubuntu at localhostlsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu Vivid Vervet (development branch)
Release:        15.04
Codename:       vivid


On 29 May 2015 at 12:31, Jamie Strandboge wrote:

> On 05/29/2015 10:29 AM, Sergey Demyanov wrote:
> > Hi everyone,
> > 
> > 
> > I wanted to reiterate question on the way snap developers would configure dbus
> > permissions if needed. Since we have to use System bus for snaps by default we
> > cannot own and register objects on the bus. 
> > As of now the only way is to copy own .config file
> > into /etc/dbus-1/system.d/ but in recent builds that partition is read only and
> > remounting seems like a big hack. 
> > May be it is possible to allow some namespace prefix for snaps to own or include
> > config into snap package and make snappy apply it during install?
> > 
> > Should I open bug for this or first discuss here the way to do it? 
> This was implemented just before 15.04 was released via 'bus-name' in the
> package.yaml for frameworks[1]. Under the hood, when a framework snap service
> specifies 'bus-name', snappy will update the system service to include BusName=
> and Type=dbus and snappy will also create simple bus policy in
> /etc/dbus-1/system.d. You can see 'hello-dbus' from the snappy-examples[2] for a
> working example, or install them on your system:
> $ sudo snappy install hello-dbus-fwk
> $ sudo snappy install hello-dbus-app
> $ hello-dbus-app.client
> [1]https://developer.ubuntu.com/en/snappy/guides/frameworks/
> [2]http://bazaar.launchpad.net/~snappy-dev/snappy-hub/snappy-examples/files/head:/hello-dbus/
> -- 
> Jamie Strandboge                 http://www.ubuntu.com/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/snappy-devel/attachments/20150601/1614aee0/attachment.html>

More information about the snappy-devel mailing list