Allow plugging gpm (general purpose mouse) in strict confinement

msokalski · September 15, 2021, 10:45am

I’ve tried to snap my textmode game, which runs best in genuine linux console, but I’ve failed with mouse support.

I use gpm package (libgpm-dev, libgpm2) which tries to open:

/dev/tty# (1…n) for monitoring console size
/dev/gpmctl for communicating with gpm daemon which reports mouse events.

It works just fine if snap has devmode or classic confinement but with strict libgpm fails with permission denied when trying to open above devices.

Here’s log from snappy-debug.security scanlog (with strict snap):
= AppArmor =
Time: Sep 15 12:35:02
Log: apparmor=“DENIED” operation=“open” profile=“snap.asciicker.term” name="/dev/tty3" pid=381017 comm=“game_term” requested_mask=“w” denied_mask=“w” fsuid=1000 ouid=1000
File: /dev/tty3 (write)
Suggestion:
* adjust program to not access ‘/dev/tty[0-9]*’

= AppArmor =
Time: Sep 15 12:43:39
Log: apparmor=“DENIED” operation=“connect” profile=“snap.asciicker.term” name="/dev/gpmctl" pid=383736 comm=“game_term” requested_mask=“wr” denied_mask=“wr” fsuid=1000 ouid=0
File: /dev/gpmctl (write)

= AppArmor =
Time: Sep 15 12:43:39
Log: apparmor=“DENIED” operation=“open” profile=“snap.asciicker.term” name="/dev/gpmctl" pid=383736 comm=“game_term” requested_mask=“wr” denied_mask=“wr” fsuid=1000 ouid=0
File: /dev/gpmctl (write)

Is this possible to fix it?
I will appreciate your help!

ogra · September 15, 2021, 11:08am

i doubt that’s anything the snapcraft team could fix … there is simply no interface that allows access to gpmctl …

i had moved the post to the snapd category so the right team sees it but somehow it moved back to the packaging tool queue…

msokalski · September 15, 2021, 12:07pm

Oh thanks, that was me, sorry. I’ll tag it back as snapd.