We are developing an electronic dart cabinet snap that uses an electronic dart board that connects to computer which uses our snap app. The electronic dart board registers each dart input and lets the computer know through serial port which segment was inputed. The snap is set to private as its in development and we are now moving away from devmode and test in other channels.
The snap needs privileged access to an interface that is not automatically connected (serial-port).
At the moment, I’d like to publish to the snap store (beta) to test out installing the snap and playing darts game with the electronic board. This is still in development.
+2 votes for, 0 votes against, granting auto-connect of serial-port with greedy plugs - note for this to work best you may want to enable hotplug as well (or if you are using a custom gadget snap which provides the serial-port slot then instead we can look at granting a store declaration for this gadget snap to specify auto-connect for serial-port of network-sports-icarus on the slot side as that would be more specific).
I notice the snap now declares it’s own serial port slot - this doesn’t make sense as serial-ports can only be provided by gadget snaps (or the system when using hotplug as detailed above). So please remove this serial-port slot and any reference to it (but keep the serial-port plug entry) and it should then pass automated review.
following instructions I modified the .yaml file and left plugs: [serial-port].
When trying to run the application it crashed and the system logs i could see several apparmor DENIED logs. Reading through the forums I was able to clear some apparmor DENIED logs by adding desktop, desktop-legacy, network, network-control plugs etc, etc.
One issue I have is apparmor DENIED for ‘/run/systemd/resolve/resolv.conf’. A suggestion on How to modify name resolution parameters from a snap? is to add the plug for system-files and this requires to be manual reviews.
Can I get system-files permissions to pass automatically? @alexmurray
Can you please provide details as to why access to this file is needed and also whether you are requesting permission just to read it or to read/write to it? Thanks.
Also I took a quick look at your latest uploaded snap - to use the system-files interface you can’t just declare plugs: system-files - please take a closer look at the documentation for this interface at The system-files interface.
Instead you need to define a system-files plug for your own snap which declares what file paths are being accessed and what permissions are being used and you need to give that interface a nice user-understandable name - for instance you could use something like the following if you need just read access to this file:
Thanks for the reply and the example, I appreciate it much. I’m new to snapcraft and learning in the way.
The application needs to access system files because the game is developed in react and mounted in electron, I believe the services required are used by chromium, in the link you sent me the example says that The Firefox, Chromium and Thunderbird snaps use this interface to enable access to system-installed policies to customise each respective application.
I am using electron-builder top-level snap key contains set of options to build the snap.
I cant seem to find a way to use apps: option like your example but I managed to upload a new snap build configured this way:
Ok, so it looks like you are correctly defining your systems-files plug correctly now, which is good.
However, I am wondering if you actually need this system-files plug at all:
read access to /run/systemd/resolve/stub-resolv.conf is already provided when plugging network
/etc/hosts and /etc/hosts.conf is not normally required by snaps - can you please show any errors which occur when running your snap for this file?
Finally if you plug the gsettings interface your snap should gain the access for /home/darts/.config/dconf/user.
So in summary: since your snap already plugs network you can remove the /run/systemd/resolve/stub-resolve.conf - and if you plug gsettings you can remove /home/darts/.config/dconf/user - and I suspect /etc/hosts should not actually be required either so please can you provide more info regarding that.
I changed my snap configuration to suggested. The snap application is not crashing anymore and I was able to run the application on beta channel.
When I tested I am not able to register any kind of input using serial port. When I check the logs this is the permission denied i am getting. Can you please assist me what could i be missing? Thanks in advanced!
does your app have serial-port defined in plugs: and did you use snap connect ... to connect your app to the hotpluggable slot as described in the hotplug doc ?
(also, is your user in the “dialout” group ? snap interfaces do not change permissions so if your user can not write to the interface outside of the snap env, it wont be able to do that inside either)