Dbus system config for framework and app snaps
sergey at devicehive.com
sergey at devicehive.com
Mon Jun 1 18:51:30 UTC 2015
Thank you Jamie,
those links are very helpful and I was able to do some progress with my snaps.
On snappy vm (amd64) my framework snap installs and registers on dbus, I can also see
dbus config generated for it.
But today I was doing more tests on RPi2 image (latest, 15 Apr build) and I got permission
error after snap install. I have tried the package-dir-fwk example but got the same error:
Jun 1 17:39:09 localhost kernel: [ 3787.848606] audit: type=1400 audit(1433180349.509:13):
apparmor="STATUS" operation="profile_load" profile="unconfined"
name="hello-dbus-fwk_srv_1.0.0" pid=1786 comm="apparmor_parser"
Jun 1 17:39:09 localhost systemd[1]: Reloading.
Jun 1 17:39:09 localhost systemd[1]: Started hello-dbus-fwk test service.
Jun 1 17:39:09 localhost systemd[1]: Starting hello-dbus-fwk test service...
Jun 1 17:39:09 localhost dbus_service.start[1803]: FAIL:
org.freedesktop.DBus.Error.AccessDenied: Connection ":1.26" is not allowed to own the
service "com.canonical.hello-dbus-fwk" due to security policies in the configuration file
Jun 1 17:39:10 localhost systemd[1]: hello-dbus-fwk_srv_1.0.0.service: main process exited,
code=exited, status=1/FAILURE
Jun 1 17:39:10 localhost systemd[1]: Unit hello-dbus-fwk_srv_1.0.0.service entered failed
state.
Jun 1 17:39:10 localhost systemd[1]: hello-dbus-fwk_srv_1.0.0.service failed.
I am using last version of snappy-tools while building snap.
Is there something I'm missing?
Below is my system info:
(RaspberryPi2)ubuntu at localhost:~$ sudo snappy list
Name Date Version Developer
ubuntu-core 2015-04-10 4
hello-dbus-fwk 2015-06-01 1.0.0
pi2 2015-04-15 0.11 lool
(RaspberryPi2)ubuntu at localhostlsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu Vivid Vervet (development branch)
Release: 15.04
Codename: vivid
-Sergey
On 29 May 2015 at 12:31, Jamie Strandboge wrote:
> On 05/29/2015 10:29 AM, Sergey Demyanov wrote:
> > Hi everyone,
> >
> >
> > I wanted to reiterate question on the way snap developers would configure dbus
> > permissions if needed. Since we have to use System bus for snaps by default we
> > cannot own and register objects on the bus.
> > As of now the only way is to copy own .config file
> > into /etc/dbus-1/system.d/ but in recent builds that partition is read only and
> > remounting seems like a big hack.
> > May be it is possible to allow some namespace prefix for snaps to own or include
> > config into snap package and make snappy apply it during install?
> >
> > Should I open bug for this or first discuss here the way to do it?
>
> This was implemented just before 15.04 was released via 'bus-name' in the
> package.yaml for frameworks[1]. Under the hood, when a framework snap service
> specifies 'bus-name', snappy will update the system service to include BusName=
> and Type=dbus and snappy will also create simple bus policy in
> /etc/dbus-1/system.d. You can see 'hello-dbus' from the snappy-examples[2] for a
> working example, or install them on your system:
>
> $ sudo snappy install hello-dbus-fwk
> $ sudo snappy install hello-dbus-app
> $ hello-dbus-app.client
> PASS
>
> [1]https://developer.ubuntu.com/en/snappy/guides/frameworks/
> [2]http://bazaar.launchpad.net/~snappy-dev/snappy-hub/snappy-examples/files/head:/hello-dbus/
>
> --
> Jamie Strandboge http://www.ubuntu.com/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/snappy-devel/attachments/20150601/1614aee0/attachment.html>
More information about the snappy-devel
mailing list