Classic for BlueDo

Hi

I’ve uploaded my first snap bluedo from https://github.com/ways/bluedo

It uses the following system commands:

  • bluetoothctl
  • playerctl
  • gsettings

I tried connecting the bluetooth-control interface, but was unable to use it without sudo. I hope to confine this app over time.

It should be possible to confine this snap but it will need to ship these commands itself since strict confinement does not allow the snap access to any binaries on the host. Once this is done, you should be able to use snappy-debug to help identify what other interfaces may be required for the snap to operate correctly with strict confinement.

Hey @lars, I see you have not uploaded a new revision to the store. Could you try strict confinement and shipping the commands as @alexmurray suggested?

Hi. I’ve been experimenting with snap builds. This is where I am now:

$ sudo snap install --dangerous bluedo_*.snap --devmode
bluedo 0+git.1a2e57a-dirty installed

$ snap run bluedo
Exception in thread Thread-1:
Traceback (most recent call last):
  File "/snap/bluedo/x3/usr/lib/python3.6/threading.py", line 916, in _bootstrap_inner
    self.run()
  File "/snap/bluedo/x3/usr/lib/python3.6/threading.py", line 864, in run
    self._target(*self._args, **self._kwargs)
  File "/snap/bluedo/x3/lib/python3.6/site-packages/bluedo/bluedoapp.py", line 508, in update_combodevices
    newscan = self.bluetooth_list()
  File "/snap/bluedo/x3/lib/python3.6/site-packages/bluedo/bluedoapp.py", line 486, in bluetooth_list
    addr = line.split()[1]
IndexError: list index out of range

The manifest is at https://github.com/ways/BlueDo/blob/master/snapcraft.yaml

In other words, bluez isn’t working for me yet. If anyone has a link to a working bluez setup, I’d be happy to try. This is a result of looking at https://github.com/kubiko/kura-snap/blob/master/snapcraft.yaml for hints.

This was obviously my mistake. I can see bluetoothctl now, and will attempt to make it work for me.

Ok, confinement blocks me from ping’ing the bluetooth device:

okt. 18 23:05:53 laptop1016 audit[382402]: AVC apparmor="ALLOWED" operation="create" profile="snap.bluedo.bluedo" pid=382402 comm="python3" family="bluetooth" sock_type="raw" protocol=1 requested_mask="create" denied_mask="create"
okt. 18 23:05:53 laptop1016 audit[382402]: AVC apparmor="ALLOWED" operation="create" profile="snap.bluedo.bluedo" pid=382402 comm="python3" family="bluetooth" sock_type="raw" protocol=1 requested_mask="create" denied_mask="create"
okt. 18 23:05:53 laptop1016 audit[382402]: AVC apparmor="ALLOWED" operation="bind" profile="snap.bluedo.bluedo" pid=382402 comm="python3" family="bluetooth" sock_type="raw" protocol=1 requested_mask="bind" denied_mask="bind"
okt. 18 23:05:53 laptop1016 audit[382402]: AVC apparmor="ALLOWED" operation="create" profile="snap.bluedo.bluedo" pid=382402 comm="python3" family="bluetooth" sock_type="seqpacket" protocol=0 requested_mask="create" denied_mask="create"
okt. 18 23:05:53 laptop1016 audit[382402]: AVC apparmor="ALLOWED" operation="connect" profile="snap.bluedo.bluedo" pid=382402 comm="python3" family="bluetooth" sock_type="seqpacket" protocol=0 requested_mask="connect" denied_mask="connect"

This is done in Python with some low-level BluetoothSocket commands. Any way to do this in a confined way?

Are you sure the bluez interface is connected? Creation of bluetooth sockets is allowed when the bluez interface is plugged and connected (this is not automatically connected since it is a privileged interface).
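
Added example, not part of the original thread: a short Python script that parses AVC lines like the ones quoted above and groups the socket operations they record. Under devmode the profile runs in complain mode, so each access is logged as ALLOWED, and the same access is blocked under strict confinement unless a connected interface grants it. The function names and the family-to-interface table are assumptions of this example; the table holds only the bluetooth/bluez pairing stated in the reply above.

```python
import re
from collections import defaultdict

# Sample input: four of the audit lines quoted in the thread, with straight quotes.
SAMPLE = """\
okt. 18 23:05:53 laptop1016 audit[382402]: AVC apparmor="ALLOWED" operation="create" profile="snap.bluedo.bluedo" pid=382402 comm="python3" family="bluetooth" sock_type="raw" protocol=1 requested_mask="create" denied_mask="create"
okt. 18 23:05:53 laptop1016 audit[382402]: AVC apparmor="ALLOWED" operation="bind" profile="snap.bluedo.bluedo" pid=382402 comm="python3" family="bluetooth" sock_type="raw" protocol=1 requested_mask="bind" denied_mask="bind"
okt. 18 23:05:53 laptop1016 audit[382402]: AVC apparmor="ALLOWED" operation="create" profile="snap.bluedo.bluedo" pid=382402 comm="python3" family="bluetooth" sock_type="seqpacket" protocol=0 requested_mask="create" denied_mask="create"
okt. 18 23:05:53 laptop1016 audit[382402]: AVC apparmor="ALLOWED" operation="connect" profile="snap.bluedo.bluedo" pid=382402 comm="python3" family="bluetooth" sock_type="seqpacket" protocol=0 requested_mask="connect" denied_mask="connect"
"""

# Assumption of this example: only the pairing stated in the thread is listed.
FAMILY_TO_INTERFACE = {"bluetooth": "bluez"}

# key="value" (straight or typographic quotes) or key=bare
KV = re.compile(r'(\w+)=(?:["“”]([^"“”]*)["“”]|(\S+))')


def parse_avc(line):
    """Return the key=value fields of one AppArmor AVC line, or None."""
    if " AVC " not in line:
        return None
    return {key: quoted or bare for key, quoted, bare in KV.findall(line)}


def summarise(log_text):
    """Group logged socket operations by (profile, address family)."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = parse_avc(line)
        # devmode runs the profile in complain mode: the access is logged as
        # ALLOWED, and the same access is DENIED under strict confinement.
        if not fields or fields.get("apparmor") not in ("ALLOWED", "DENIED"):
            continue
        if "family" in fields:
            key = (fields["profile"], fields["family"])
            seen[key].add((fields["sock_type"], fields["operation"]))
    return [
        {"profile": profile, "family": family, "socket_ops": sorted(ops),
         "interface": FAMILY_TO_INTERFACE.get(family)}  # None: not in the table
        for (profile, family), ops in sorted(seen.items())
    ]


if __name__ == "__main__":
    for entry in summarise(SAMPLE):
        print(entry)
```
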

Oh, wow. You’re right. Thanks. I’ll test some more and report back.

Hello @lars. Is the request to be classic still necessary?

If you don’t mind, I’d like to get classic until I can figure out all my permissions. Still have some left, in another forum thread.

Hey @lars, if you take a look at our Process for reviewing classic confinement snaps, difficulty making strict confinement work is not a supported reason for granting classic.

We are here to help you troubleshoot. If you already have another thread open, we can remove this one from our queue and continue the discussion there instead. If needed, we can add this request back anytime.

Alright, feel free to close this.
