Cannot run packaged dmidecode on UC18 (works fine on UC16)


I have a snap that packages dmidecode and uses it to retrieve firmware-related information at launch.

I discovered that this works fine on classic and UC16, but it fails on UC18 with the following error:

$ snap run --shell qabro
$ sudo env PATH=/snap/qabro/100/usr/sbin:/snap/qabro/100/usr/bin:/snap/qabro/100/sbin:/snap/qabro/100/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/
usr/bin:/sbin:/bin:/usr/games:/usr/local/games dmidecode -s system-manufacturer
/dev/mem: Operation not permitted
/dev/mem: Bad file descriptor

Is it expected from UC18? How can I solve this issue?


You need to plugs physical-memory-observe and either be root or in the kmem group.

If you meet all those criteria, there might be a dmidecode or kernel bug since physical-memory-observe is supposed to ‘with STRICT_DEVMEM=y, allow reading /dev/mem for read-only access to architecture-specific subset of the physical address (eg, PCI, space, BIOS code and data regions on x86, etc).’ If you feel this is the case, perhaps using base: core18 would get you a dmidecode that would work on that kernel.

Thanks for the reply, @jdstrand!

I currently install my snap with --devmode and it’s already using base: core18. Does devmode requires plugs anyway, or does it bypass this mechanism completely?

–devmode just turns all denials into allowances but you still get an audit log entry for each and every access to the interface until you connect it.

so to avoid flooding your journal you should still connect as many interfaces as you can, even in devmode (also makes debugging easier if you dont have to fish out the relevant error messages from a sea of pointless “ALLOWED” messages :wink: )

I feel obligated to point out I know of the existence of a snap that works in strict mode with the plugs, but doesn’t work in devmode with the same plugs, so there could be dragons there…

Also I’ll say that snap was a complicated Qt snap with ROS stuff so probably much different from this

Well, devmode is supposed to work like this, so if you see bugs, please report them.