meamka
August 10, 2020, 10:13am
1
I’ve just published my first snap - Norka - text editor with its own database inside and the ability to export files to local storage. It is based on Python3 and Gtk so it requires dbus interface which was added to snapcraft.yml. After that change the app now starts properly and able to create a database. But…
The new problem comes to me - export to local storage does nothing. I mean there are no exceptions or dangerous logs but no files are saved to disk. Search through forum gives me this Python multiprocessing sem_open blocked in strict mode - #12 by jonata thread. I tried to use snapcraft-preload but has no luck
I need help.
Did you check that it is not being stored to the snap’s home directory in /home/user/snap/<snap-name>/current/...
?
meamka
August 10, 2020, 3:53pm
3
Yup. The folder is empty. I’ve tried it on freshly installed Ubuntu 20.04 by the way. When I used the same snap on ElementaryOS it works very well and exports successfully.
Do you see any system journal denials with journalctl -e --no-pager | grep DENIED
?
1 Like
meamka
August 10, 2020, 5:42pm
5
Oh, there’s a lot!
Most of them looks like:
авг 10 20:39:34 meamka-Standard-PC-i440FX-PIIX-1996 kernel: audit: type=1400 audit(1597081174.814:3232): apparmor="DENIED" operation="open" profile="snap.norka.norka" name="/proc/2178/mounts" pid=2178 comm="python3" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
авг 10 20:39:34 meamka-Standard-PC-i440FX-PIIX-1996 audit[611]: USER_AVC pid=611 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.80" pid=2178 label="snap.norka.norka" peer_pid=2310 peer_label="unconfined"
авг 10 20:39:34 meamka-Standard-PC-i440FX-PIIX-1996 kernel: audit: type=1107 audit(1597081174.862:3233): pid=611 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/hostname1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.80" pid=2178 label="snap.norka.norka" peer_pid=2310 peer_label="unconfined"
авг 10 20:39:40 meamka-Standard-PC-i440FX-PIIX-1996 audit[2178]: AVC apparmor="DENIED" operation="open" profile="snap.norka.norka" name="/proc/2178/mountinfo" pid=2178 comm="python3" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
авг 10 20:39:40 meamka-Standard-PC-i440FX-PIIX-1996 kernel: audit: type=1400 audit(1597081180.222:3235): apparmor="DENIED" operation="open" profile="snap.norka.norka" name="/proc/2178/mountinfo" pid=2178 comm="python3" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
авг 10 20:39:40 meamka-Standard-PC-i440FX-PIIX-1996 kernel: audit: type=1400 audit(1597081180.222:3236): apparmor="DENIED" operation="open" profile="snap.norka.norka" name="/proc/2178/mounts" pid=2178 comm="python3" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
авг 10 20:39:40 meamka-Standard-PC-i440FX-PIIX-1996 audit[2178]: AVC apparmor="DENIED" operation="open" profile="snap.norka.norka" name="/proc/2178/mounts" pid=2178 comm="python3" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
But what can I do with this?
ogra
August 10, 2020, 6:44pm
6
try:
$ sudo snap install snappy-debug
$ sudo journalctl --output=short --follow --all | sudo snappy-debug
then run your app from another terminal and watch the snappy-debug output, it makes suggestions about what to do where it can …
meamka
August 10, 2020, 6:57pm
7
Well, the only suggestion it was made is “try to add hostname-control”. I’m not sure I have to do this, 'cause not yet enough experience in Linux development.
ogra
August 10, 2020, 7:05pm
8
i’m surprised it didnt also suggest mount-observe
, just add these to your plugs section in your snapcraft.yaml file … then after installing the snap connect them with:
sudo snap connect <your-snap-name>:hostname-control
sudo snap connect <your.snap-name>:mount-observe
that should make most of the denials go away …
1 Like
meamka
August 10, 2020, 7:22pm
9
Uh, not yet…
meamka@meamka-Standard-PC-i440FX-PIIX-1996:~/Downloads$ snap connections norka
Interface Plug Slot Notes
content[gnome-3-34-1804] norka:gnome-3-34-1804 gnome-3-34-1804:gnome-3-34-1804 -
content[gtk-3-themes] norka:gtk-3-themes gtk-common-themes:gtk-3-themes -
content[icon-themes] norka:icon-themes gtk-common-themes:icon-themes -
content[sound-themes] norka:sound-themes gtk-common-themes:sound-themes -
dbus - norka:dbus-norka -
desktop norka:desktop :desktop -
desktop-legacy norka:desktop-legacy :desktop-legacy -
gsettings norka:gsettings :gsettings -
home norka:home :home -
hostname-control norka:hostname-control :hostname-control manual
mount-observe norka:mount-observe :mount-observe manual
network norka:network :network -
opengl norka:opengl :opengl -
wayland norka:wayland :wayland -
x11 norka:x11 :x11 -
Even after connecting these plugs, I see the same messages:
= AppArmor =
Time: авг 10 22:17:24
Log: apparmor="DENIED" operation="open" profile="snap.norka.norka" name="/run/mount/utab" pid=3698 comm="python3" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Yet there are no more suggestions. And no files saved to local storage.
ogra
August 10, 2020, 7:27pm
10
well, you are down to one denial
IIRC login-session-observe shoujld grant read access to the utab file
(none of the denials are seemingly related to your “write to disk” issues though but fixing them is part of the packaging work)