they haz a PPA… but i don’t want to add another PPA
Screenshots https://github.com/aristocratos/bashtop#screenshots
they haz a PPA… but i don’t want to add another PPA
Screenshots https://github.com/aristocratos/bashtop#screenshots
That’s pretty!
Here’s a start for someone who wants to try this.
name: bashtop
base: core18 # the base snap is the execution environment for this snap
adopt-info: bashtop
summary: Linux resource monitor
description: |
Resource monitor that shows usage and stats for processor, memory, disks, network and processes.
Features
* Easy to use, with a game inspired menu system.
* Fast and "mostly" responsive UI with UP, DOWN keys process selection.
* Function for showing detailed stats for selected process.
* Ability to filter processes.
* Easy switching between sorting options.
* Send SIGTERM, SIGKILL, SIGINT to selected process.
* UI menu for changing all config file options.
* Auto scaling graph for network usage.
* Shows message in menu if new version is available
grade: stable
confinement: strict
parts:
bashtop:
plugin: make
source: https://github.com/aristocratos/bashtop.git
build-packages:
- build-essential
stage-packages:
- curl
- coreutils
- sed
- awk
- grep
apps:
bashtop:
command: bashtop
plugs:
- mount-observe
- network-control
- process-control
- system-observe
This builds and can be installed, but fails with:
mkfifo: cannot create fifo '/dev/shm/bashtop_datefifo': Permission denied
/snap/bashtop/x2/usr/local/bin/bashtop: line 242: /dev/shm/bashtop_datefifo: No such file or directory
/snap/bashtop/x2/usr/local/bin/bashtop: line 241: /dev/shm/bashtop_datefifo: Permission denied
rm: cannot remove '/dev/shm/bashtop_datefifo': No such file or directory
try snapcraft-preload with the env var SNAPCRAFT_PRELOAD_REDIRECT_ONLY_SHM=1
set, that should make the /dev/shm
denials go away
D’oh. I keep forgetting about that. Thanks
Sadly that didn’t do it.
name: bashtop
base: core18 # the base snap is the execution environment for this snap
adopt-info: bashtop
summary: Linux resource monitor
description: |
Resource monitor that shows usage and stats for processor, memory, disks, network and processes.
Features
* Easy to use, with a game inspired menu system.
* Fast and "mostly" responsive UI with UP, DOWN keys process selection.
* Function for showing detailed stats for selected process.
* Ability to filter processes.
* Easy switching between sorting options.
* Send SIGTERM, SIGKILL, SIGINT to selected process.
* UI menu for changing all config file options.
* Auto scaling graph for network usage.
* Shows message in menu if new version is available
grade: stable
confinement: strict
parts:
snapcraft-preload:
source: https://github.com/sergiusens/snapcraft-preload.git
plugin: cmake
build-packages:
- on amd64:
- gcc-multilib
- g++-multilib
bashtop:
plugin: make
source: https://github.com/aristocratos/bashtop.git
override-pull: |
snapcraftctl pull
last_committed_tag="$(git describe --tags --abbrev=0)"
last_committed_tag_ver="$(echo ${last_committed_tag} | sed -e 's/v//')"
last_released_tag="$(snap info $SNAPCRAFT_PROJECT_NAME | awk '$1 == "latest/beta:" { print $2 }')"
# If the latest tag from the upstream project has not been released to
# beta, build that tag instead of master.
if [ "${last_committed_tag_ver}" != "${last_released_tag}" ]; then
git fetch
git checkout "${last_committed_tag}"
fi
snapcraftctl set-version $(git describe --tags --abbrev=0)
build-packages:
- build-essential
stage-packages:
- curl
- coreutils
- sed
- awk
- grep
apps:
bashtop:
command: snapcraft-preload $SNAP/usr/local/bin/bashtop
environment:
SNAPCRAFT_PRELOAD_REDIRECT_ONLY_SHM: 1
plugs:
- mount-observe
- network-control
- process-control
- system-observe
$ bashtop
mkfifo: cannot create fifo '/dev/shm/bashtop_datefifo': Permission denied
/snap/bashtop/x4/usr/local/bin/bashtop: line 242: /dev/shm/bashtop_datefifo: No such file or directory
$ snap connections bashtop
Interface Plug Slot Notes
mount-observe bashtop:mount-observe - -
network-control bashtop:network-control - -
process-control bashtop:process-control :process-control manual
system-observe bashtop:system-observe :system-observe manual
any system journal denials? with and without snapcraft-preload?
Ah, looks like it has a bunch of hard-wired paths
[Wed May 13 14:42:22 2020] audit: type=1400 audit(1589377342.944:33059): apparmor="DENIED" operation="mknod" profile="snap.bashtop.bashtop" name="/dev/shm/bashtop_datefifo" pid=2793950 comm="mkfifo" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
[Wed May 13 14:42:22 2020] audit: type=1400 audit(1589377342.980:33060): apparmor="DENIED" operation="open" profile="snap.bashtop.bashtop" name="/home/alan/Source/personal/bashtop/" pid=2793953 comm="bash" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[Wed May 13 14:42:22 2020] audit: type=1400 audit(1589377343.004:33061): apparmor="DENIED" operation="exec" profile="snap.bashtop.bashtop" name="/usr/bin/lscpu" pid=2793966 comm="bash" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
[Wed May 13 14:42:22 2020] audit: type=1400 audit(1589377343.004:33062): apparmor="DENIED" operation="open" profile="snap.bashtop.bashtop" name="/usr/bin/lscpu" pid=2793966 comm="bash" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[Wed May 13 14:42:22 2020] audit: type=1400 audit(1589377343.020:33063): apparmor="DENIED" operation="open" profile="snap.bashtop.bashtop" name="/run/utmp" pid=2793972 comm="uptime" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[Wed May 13 14:42:22 2020] audit: type=1400 audit(1589377343.020:33064): apparmor="DENIED" operation="open" profile="snap.bashtop.bashtop" name="/run/utmp" pid=2793972 comm="uptime" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[Wed May 13 14:42:22 2020] audit: type=1400 audit(1589377343.028:33065): apparmor="DENIED" operation="open" profile="snap.bashtop.bashtop" name="/home/alan/Source/personal/bashtop/" pid=2793927 comm="bash" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[Wed May 13 14:42:22 2020] audit: type=1400 audit(1589377343.036:33066): apparmor="DENIED" operation="open" profile="snap.bashtop.bashtop" name="/proc/2793974/mountinfo" pid=2793974 comm="df" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[Wed May 13 14:42:22 2020] audit: type=1400 audit(1589377343.036:33067): apparmor="DENIED" operation="open" profile="snap.bashtop.bashtop" name="/proc/2793974/mounts" pid=2793974 comm="df" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[Wed May 13 14:42:22 2020] audit: type=1400 audit(1589377343.040:33068): apparmor="DENIED" operation="exec" profile="snap.bashtop.bashtop" name="/bin/ip" pid=2793976 comm="bash" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
This is with snapcraft-preload (without the env var). So there’s a bunch more interfaces to add, at least.
= AppArmor =
Time: May 13 14:47:49
Log: apparmor="DENIED" operation="mknod" profile="snap.bashtop.bashtop" name="/dev/shm/bashtop_datefifo" pid=2804999 comm="mkfifo" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
File: /dev/shm/bashtop_datefifo (write)
Suggestions:
* adjust program to create files and directories in /dev/shm/snap.$SNAP_NAME.*
* try the snapcraft preload plugin: https://github.com/sergiusens/snapcraft-preload
= AppArmor =
Time: May 13 14:47:49
Log: apparmor="DENIED" operation="exec" profile="snap.bashtop.bashtop" name="/usr/bin/lscpu" pid=2805015 comm="bash" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
File: /usr/bin/lscpu (exec)
Suggestions:
* adjust snap to ship 'lscpu'
* adjust program to use relative paths if the snap already ships 'lscpu'
* add one of 'hardware-observe' to 'plugs'
= AppArmor =
Time: May 13 14:47:49
Log: apparmor="DENIED" operation="open" profile="snap.bashtop.bashtop" name="/usr/bin/lscpu" pid=2805015 comm="bash" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /usr/bin/lscpu (read)
Suggestions:
* adjust snap to ship 'lscpu'
* adjust program to use relative paths if the snap already ships 'lscpu'
* add one of 'hardware-observe' to 'plugs'
= AppArmor =
Time: May 13 14:47:49
Log: apparmor="DENIED" operation="open" profile="snap.bashtop.bashtop" name="/run/utmp" pid=2805021 comm="uptime" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /run/utmp (read)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use /run/shm/snap.$SNAP_NAME.*
* adjust program to use /run/snap.$SNAP_NAME.*
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)
* add 'login-session-observe' to 'plugs'
= AppArmor =
Time: May 13 14:47:49
Log: apparmor="DENIED" operation="open" profile="snap.bashtop.bashtop" name="/proc/2805023/mountinfo" pid=2805023 comm="df" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
File: /proc/2805023/mountinfo (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/mountinfo'
* add 'mount-observe' to 'plugs'
= AppArmor =
Time: May 13 14:47:49
Log: apparmor="DENIED" operation="open" profile="snap.bashtop.bashtop" name="/proc/2805023/mounts" pid=2805023 comm="df" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
File: /proc/2805023/mounts (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/mounts'
* add one of 'mount-observe, network-control' to 'plugs'
= AppArmor =
Time: May 13 14:47:49
Log: apparmor="DENIED" operation="exec" profile="snap.bashtop.bashtop" name="/bin/ip" pid=2805025 comm="bash" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
File: /bin/ip (exec)
Suggestions:
* adjust snap to ship 'ip'
* adjust program to use relative paths if the snap already ships 'ip'
* add one of 'network-control, network-observe' to 'plugs'
= AppArmor =
Time: May 13 14:47:49
Log: apparmor="DENIED" operation="open" profile="snap.bashtop.bashtop" name="/bin/ip" pid=2805025 comm="bash" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /bin/ip (read)
Suggestions:
* adjust snap to ship 'ip'
* adjust program to use relative paths if the snap already ships 'ip'
* add one of 'network-control, network-observe' to 'plugs'
= AppArmor =
Time: May 13 14:47:50
Log: apparmor="DENIED" operation="create" profile="snap.bashtop.bashtop" pid=2805028 comm="curl" family="inet6" sock_type="dgram" protocol=0 requested_mask="create" denied_mask="create"
Getting closer.
Down to just this, with the preload and environment variable.
= AppArmor =
Time: May 13 14:59:22
Log: apparmor="DENIED" operation="mknod" profile="snap.bashtop.bashtop" name="/dev/shm/bashtop_datefifo" pid=2829740 comm="mkfifo" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
File: /dev/shm/bashtop_datefifo (write)
Suggestions:
* adjust program to create files and directories in /dev/shm/snap.$SNAP_NAME.*
* try the snapcraft preload plugin: https://github.com/sergiusens/snapcraft-preload
sorry I’m out of time to look into this right now, but you might try looking in the apparmor profile to see what paths are allowed for mknod if any, not sure if we allow mknod, even for dev/shm paths. it’s also possible that we allow it, but that snapcraft-preload isn’t working. maybe try snapcraft-preload without that env var to have it redirect everything?
https://github.com/aristocratos/bashtop/blob/master/bashtop#L231 is where the snap is calling out to mkfifo. It tries to use XDG_RUNTIME_DIR; are you resetting it somewhere? Your snap may need to create the directory itself (this is something that, for example, desktop-launch does for the snap). Are you by chance running this under sudo as root? If so, there is a known issue where XDG_RUNTIME_DIR is not being created under sudo and while the snap can create say, /run/user/0/snap.bashtop
, it cannot create /run/user/0
which likely does not exist.
Depending on what you need, you may just create the directory or you might patch bashtop during the build to use SNAP_USER_COMMON or something.
yay