Apparmor error while accessing system file

Hello,

I am getting apparmor “denied” error while accessing system files .
I had already successfully connected “hardware-observe” interface but not sure how to avoid below error :

= AppArmor =
Time: Aug 30 16:24:49
Log: apparmor=“DENIED” operation=“open” profile=“snap.lenovo-wwan-dpr.wwan-dpr” name="/sys/devices/pci0000:00/0000:00:1c.0/0000:08:00.0/power/control" pid=3938 comm=“DPR_quectel_ser” requested_mask=“w” denied_mask=“w” fsuid=0 ouid=0
File: /sys/devices/pci0000:00/0000:00:1c.0/0000:08:00.0/power/control (write)
Suggestions:

  • adjust program to not access ‘/sys/devices/pci0000:00/0000:00:1c.0/0000:08:00.0/power/control’
  • adjust program to not access ‘/sys/devices/pci[0-9]:[0-9]/[0-9]:[0-9]:[0-9]c.[0-9]/[0-9]:[0-9]:[0-9].[0-9]/power/control’

Any information regarding this will be helpful.

Thank you !!

that sounds like a bug in snappy-debug not telling you about the power-control interface here …

thank you @ogra ,above issue is fixed by adding power-control.
It looks this interface is also missing in documentation here: https://snapcraft.io/docs/supported-interfaces
Also , i think i need manual approval for autoconnect . is it correct ?

I am still getting below issue but its related to systemctl:

= AppArmor =
Time: Aug 30 17:46:59
Log: apparmor=“DENIED” operation=“exec” profile=“snap.lenovo-wwan-dpr.wwan-dpr” name="/usr/bin/systemctl" pid=3882 comm=“sh” requested_mask=“x” denied_mask=“x” fsuid=0 ouid=0
File: /usr/bin/systemctl (exec)
Suggestions:

  • adjust snap to ship ‘systemctl’
  • adjust program to use relative paths if the snap already ships ‘systemctl’

Any suggestion regarding this will be helpful.
Thank you !!

yup, if you look a few lines above in the code i linked you will find:

deny-auto-connection: true

that means you need to ask for it in the store-requests category if you want it to auto-connect …

regarding systemctl, you can not actually talk to it from a snap, what exactly is your code trying to do ?

Understood . Thank you for this information.

I want to perform “systemctl restart ModemManager.service”

well, you can normally not start/stop/restart other snaps from a snap …

the modem-manager interface allows dbus communication with a running modem-manager snap though, perhaps you can write a script that sends a dbus call to restart it or some such …

I need to check and try how this can be achieved. Is there any example which i can refer or this is the one https://snapcraft.io/docs/dbus-interface
I have not installed “modemmanager” using snap . Still communication will happen using dbus ?

yes, the modem-manager interface will just allow you to send/receive to/from the ModemManager object on dbus … but i’m not sure something like restart is allowed, you should try with dbus-send …

@ogra Thank you for this information and also for your support. I will check it from my side and update, if any further query.