hello, can i get help with this?
+1 from me - this is a core function for this snap.
+1 from me too, for auto-connection of serial-port, as this is required for data input into the network-sports-icarus snap.
+2 votes for, 0 votes against, granting auto-connect of serial-port with greedy plugs - note for this to work best you may want to enable hotplug as well (or if you are using a custom gadget snap which provides the serial-port slot then instead we can look at granting a store declaration for this gadget snap to specify auto-connect for serial-port of network-sports-icarus on the slot side as that would be more specific).
I notice the snap now declares it’s own serial port slot - this doesn’t make sense as serial-ports can only be provided by gadget snaps (or the system when using hotplug as detailed above). So please remove this serial-port slot and any reference to it (but keep the serial-port plug entry) and it should then pass automated review.
Good day,
following instructions I modified the .yaml file and left plugs: [serial-port].
When trying to run the application it crashed and the system logs i could see several apparmor DENIED logs. Reading through the forums I was able to clear some apparmor DENIED logs by adding desktop, desktop-legacy, network, network-control plugs etc, etc.
One issue I have is apparmor DENIED for ‘/run/systemd/resolve/resolv.conf’. A suggestion on How to modify name resolution parameters from a snap? is to add the plug for system-files and this requires to be manual reviews.
Can I get system-files permissions to pass automatically? @alexmurray
Can you please provide details as to why access to this file is needed and also whether you are requesting permission just to read it or to read/write to it? Thanks.
Also I took a quick look at your latest uploaded snap - to use the system-files interface you can’t just declare plugs: system-files - please take a closer look at the documentation for this interface at The system-files interface.
Instead you need to define a system-files plug for your own snap which declares what file paths are being accessed and what permissions are being used and you need to give that interface a nice user-understandable name - for instance you could use something like the following if you need just read access to this file:
plugs:
run-systemd-resolve-resolve-conf:
interface: system-files
read:
- /run/systemd/resolve/resolve.conf
apps:
network-sports-icarus:
plugs:
- run-systemd-resolve-resolve-conf
...
If however you wish to have read+write access then change the read: to write:.
But can you please elaborate on why your snap requires access to this file and for what purpose so we can properly understand this request? Thanks.
Hello @alexmurray,
Thanks for the reply and the example, I appreciate it much. I’m new to snapcraft and learning in the way.
The application needs to access system files because the game is developed in react and mounted in electron, I believe the services required are used by chromium, in the link you sent me the example says that The Firefox, Chromium and Thunderbird snaps use this interface to enable access to system-installed policies to customise each respective application.
I am using electron-builder top-level snap key contains set of options to build the snap.
I cant seem to find a way to use apps: option like your example but I managed to upload a new snap build configured this way:
plugs:
- serial-port
- desktop
- desktop-legacy
- home
- browser-support
- unity7
- network
- network-control
- chromium:
interface: system-files
read:
- /run/systemd/resolve/stub-resolve.conf
- /etc/hosts
- /etc/host.confs
- /home/darts/.config/dconf/userbumping this thread waiting for reply.
Ok, so it looks like you are correctly defining your systems-files plug correctly now, which is good.
However, I am wondering if you actually need this system-files plug at all:
-
readaccess to/run/systemd/resolve/stub-resolv.confis already provided when pluggingnetwork -
/etc/hostsand/etc/hosts.confis not normally required by snaps - can you please show any errors which occur when running your snap for this file? - Finally if you plug the
gsettingsinterface your snap should gain the access for/home/darts/.config/dconf/user.
So in summary: since your snap already plugs network you can remove the /run/systemd/resolve/stub-resolve.conf - and if you plug gsettings you can remove /home/darts/.config/dconf/user - and I suspect /etc/hosts should not actually be required either so please can you provide more info regarding that.
Hello @alexmurray and @emitorino,
I changed my snap configuration to suggested. The snap application is not crashing anymore and I was able to run the application on beta channel.
When I tested I am not able to register any kind of input using serial port. When I check the logs this is the permission denied i am getting. Can you please assist me what could i be missing? Thanks in advanced!
Hi @alexmurray
I enabled hotplugs using command $ sudo snap set system experimental.hotplug=true
I still get the same error Permission denied, cannot open /dev/ttyS0
Do I need to do additional configuration like adding slots to the .yaml?
does your app have serial-port defined in plugs: and did you use snap connect ... to connect your app to the hotpluggable slot as described in the hotplug doc ?
(also, is your user in the “dialout” group ? snap interfaces do not change permissions so if your user can not write to the interface outside of the snap env, it wont be able to do that inside either)
Hello @ogra
Thanks for jumping in!
- I enabled hot plugs and reboot.
- serial-port is listed in plugs (Im pasting an image of my .yaml configuration).
- My user is in the dialout group (I previously did this in order to make it work on devmode).
- I ran
snap interface serial-portand no slots are listed, see image (I assume the slot listed here is the one I would need tosnap connect ...). - By the way the device im connecting is NOT via USB.
oh, then hotplug wont help i fear, it currently only works for usb-serial devices i think…
Hello,
Im still having this issue when running the app in beta in strict confinement gives me a permission denied to the serial port im trying to connect to.
If running in edge channel in --devmode the serial port works good. Any thoughts what could i be missing or why i keep getting serial port permission denied?