Fwd: Member not found

Gábor Paller gaborpaller at gmail.com
Fri Oct 30 19:08:56 UTC 2015 

"On 15.04 you have two options, either use hw-assign (which is aimed at
developers) or use oem assign"

So is that "hw-assign" necessary after every installation? I suspect it is
as the access to the ttyO1 device is not present in the apparmor file so
whenever the package is reinstalled, the permission has to be granted
again. Am I right?

Also, what is the "caps" in the package.yaml that gives me access to the
/dev/ttyO1?

Regards,
Gabor

On Fri, Oct 30, 2015 at 7:32 PM, Jamie Strandboge <jamie at canonical.com>
wrote:

> On 10/30/2015 01:12 PM, Gábor Paller wrote:
> > " Then install it and use 'snappy hw-assign' to give access to the
> > device to your snap."
> >
> > Is that "snappy hw-assign" necessary after every installation?
> >
> On 15.04 you have two options, either use hw-assign (which is aimed at
> developers) or use oem assign (which is aimed at appliance builders). If
> you are
> interested in oem assign, you might want to take a look at the appliance
> builder
> guide:
>
>
> https://developer.ubuntu.com/en/snappy/guides/appliance-builder-guide-webcam/
>
> The upcoming documentation updates I mentioned will also cover this in
> more detail.
>
> Jamie
>
> PS - note, hardware access is in the process of being redesigned and future
> versions (eg, 16.04) of snappy will do things differently. Keep an eye on
> this
> list for details in the coming months.
>
> > On Fri, Oct 30, 2015 at 6:58 PM, Jamie Strandboge <jamie at canonical.com
> > <mailto:jamie at canonical.com>> wrote:
> >
> >     On 10/30/2015 12:08 PM, Gábor Paller wrote:
> >     > "This is an old yaml format and the policy vendor and version you
> are using
> >     > indicate this is from tools from before the 15.04 release (and
> there was a lot
> >     > of snappy activity prior to release)."
> >     >
> >     > I ran the new packaging tool and it generated an apparmor file
> like this:
> >     > {
> >     >   "template": "default",
> >     >   "policy_groups": [
> >     >     "networking"
> >     >   ],
> >     >   "policy_vendor": "ubuntu-core",
> >     >   "policy_version": 15.04
> >     > }
> >     >
> >     > It would be tempting to insert my read_path and write_path
> statements like
> >     > previously except that the packaging tool always overwrites this
> file whenever I
> >     > generate the package.
> >
> >     Right, you aren't specifying the security policy correctly. The json
> file you
> >     are using is not how security policy is defined and you should be
> using the
> >     meta/package.yaml file instead and remove the .apparmor files you
> currently have
> >     (also, this intermediate json file is present for historical reasons
> and is
> >     currently in the process of being removed).
> >
> >     Eg:
> >
> >
> http://bazaar.launchpad.net/~snappy-dev/snappy-hub/snappy-examples/view/head:/python-xkcd-webserver/meta/package.yaml
> >
> >     For your particular case, simply remove any reference to security-*
> or caps in
> >     your binaries and services section and rebuild the snap. This will
> give you the
> >     default policy. Then install it and use 'snappy hw-assign' to give
> access to the
> >     device to your snap.
> >
> >     > It may be the limitation of my mental capabilities but a
> >     > file like this:
> >     >
> https://github.com/ubuntu-core/snappy-testdata/blob/master/hello-dbus/package-dir-fwk/meta/svc.apparmor
> >     > or this:
> >     >
> https://github.com/ubuntu-core/snappy-testdata/blob/master/hello-dbus/package-dir-fwk/meta/svc.seccomp
> >     > exceeds what I am capable of.
> >     >
> >     > Is there any way to modify somehow the apparmor file that is
> generated into my
> >     > meta directory and make sure that the packaging tool does not
> overwrite my changes?
> >     >
> >     That isn't how it works for the typical cases (see above) and the
> URLs you gave
> >     are for framework snaps with hand-crafted policy.
> >
> >     It seems perhaps you are familiar with the out of date tools and
> instructions; I
> >     recommend reading up on the latest documentation here:
> >
> >     http://developer.ubuntu.com/snappy
> >
> >     That should clear a lot of things up. Also, more documentation
> updates are
> >     pending and should hit the site in the coming weeks.
> >
> >     --
> >     Jamie Strandboge                 http://www.ubuntu.com/
> >
> >
>
>
> --
> Jamie Strandboge                 http://www.ubuntu.com/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/snappy-devel/attachments/20151030/4cd15ba1/attachment-0001.html>

More information about the snappy-devel mailing list