Hi folks,
Previously, I verified my snap on a amd64 platform most of time. Yesterday I tested it on a pi2, the program was stopped and dmesg said:
[ 279.803475] audit: type=1326 audit(1557910870.397:110): auid=1000 uid=1000 gid=1000 ses=1 pid=2722 comm="rtl_test" exe="/snap/adsb-box/69/usr/bin/rtl_test" sig=0 arch=40000028 syscall=281 compat=0 ip=0x76dceb48 code=0x50000
The snappy-debug.scanlog recommended:
= Seccomp =
Time: May 15 09:01:10
Log: auid=1000 uid=1000 gid=1000 ses=1 pid=2722 comm="rtl_test" exe="/snap/adsb-box/69/usr/bin/rtl_test" sig=0 arch=40000028 281(socket) compat=0 ip=0x76dceb48 code=0x50000
Syscall: socket
Suggestions:
* add account-control (if using NETLINK_AUDIT)
* add bluetooth-control (if using AF_{ALG,BLUETOOTH})
* add firewall-control (if using NETLINK_{FIREWALL,IP6_FW,NETFILTER,NF_LOG,ROUTE})
* add hardware-observe (if using NETLINK_{GENERIC,KOBJECT_UEVENT})
* add netlink-audit (if using NETLINK_AUDIT)
* add netlink-connector (if using NETLINK_CONNECTOR)
* add network (if using AF_INET{,6}, AF_CONN, NETLINK_ROUTE)
* add network-bind (if using AF_INET{,6}, NETLINK_ROUTE)
* add network-control (if using AF_{APPLETALK,BRIDGE,INET,INET6,IPX,PACKET,PPPOX,SNA}, NETLINK_{DNRTMSG,FIB_LOOKUP,GENERIC,INET_DIAG,ISCSI,KOBJECT_UEVENT,RDMA,ROUTE,XFRM})
* add network-observe (if using SOCK_RAW, AF_INET{,6}), NETLINK_{GENERIC,INET_DIAG,KOBJECT_UEVENT,ROUTE})
* add x11 (if using NETLINK_KOBJECT_UEVENT)
To find out the function call, I ran snap run --strace
on both x64 and pi2. Then I found the case for me is hardware-observe
.
[snipped]
stat("/sys/bus/usb/devices", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
open("/etc/udev/udev.conf", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=153, ...}) = 0
read(3, "# see udev.conf(5) for details\n#"..., 1024) = 153
read(3, "", 1024) = 0
close(3) = 0
access("/run/udev/control", F_OK) = 0
socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, NETLINK_KOBJECT_UEVENT) = 3
[snipped]
I added hardware-observe to the plut list and it works fine now.
I am wondering what’s reason that seccomp has different behaviors on amd64 and armhf.