Error "http://localhost/v2/users dial unix /run/snapd.socket" while porting Ubuntu-core to TI AM335x Starter Kit

I want to evaluate security feature of snap on my IoT device. But I got a error: “http://localhost/v2/users dial unix /run/snapd.socket”
Hardware: TI AM335x Starter Kit
Software: ti-processor-sdk-linux-am335x-evm- version 4.4.41)
I use this kernel code for reference:
I found zImage will cause the error.
I can also succeed to login with “ssh username@IPADDRESS” without those configs.
So is the snap security feature depends on those kernel security config? Can you kindly guide me how to solve this problem? @ogra
Error log:
error: cannot obtain system details: cannot communicate with server: timeout exceeded while waiting for response
Press enter to configure.

After I pressed enter and configured the eth and got correct IP address:

The TI Sitara evm should be supported by our pc-kernel snap (which is pretty much mainline with some ubuntu sauce patches on top) … for a start i’d try adjusting your model assertion to use it … download the snap:

UBUNTU_STORE_ARCH=armhf snap download pc-kernel --channel=18/stable

then use the --snap arg for ubuntu-image to point to the downloaded .snap file and see if that works …

(IIRC the devicetree file is called am335x-evm.dtb)

1 Like

Here is my command:
for gadget snap: snapcraft --target-arch=armhf --destructive-mode
for kernel snap: snapcraft --target-arch=armhf
for core snap: sudo ubuntu-image snap --snap ./core18_1889.snap --snap ./snapd_8792.snap --snap ./am335x-kernel.snap --snap ./am335x.snap -O ./am335x.img am335x.model
I download and get pc-kernel_597.snap so I need to use pc-kernel_597.snap to replace core18_1889.snap or snapd_8792.snap?

you need to replace am335x-kernel.snap … and adjust your model assertion to use pc-kernel instead of am335x-kernel …

1 Like

Begin: Loading essential drivers … [ 13.907783] usbcore: registered new interface driver usb-storage
Begin: Running /scripts/init-premount … done.
Begin: Mounting root file system … Begin: Running /scripts/nfs-top … done.
Begin: Running /scripts/nfs-premount … done.
Begin: Running /scripts/local-top … done.
Begin: Running /scripts/local-premount … [ 169.006901] random: crng init done
[ 169.010515] random: 7 urandom warning(s) missed due to ratelimiting
findfs: unable to resolve ‘LABEL=writable’
cannot find ‘writable’ partition
Rebooting automatically due to panic= boot argument
[ 554.163509] reboot: Restarting system

Hi, ogra, thanks for your quickly and professional reply.
Seemed can’t boot.
Actually we will build kernel based on TI SDK.
So is there a method to enable SECURITY related kernel config and avoid the error below?

well, if you insist on building your own (i guess the pc-kernel simply misses a module in the initrd to drive your MMC controller), take a look at the first commit of my kernel build (note all later commits use the source from and dont have the patches)

there is a configs-linux-5.1rpi.patch file you want to use (just copy/paste it into your tree as is (perhaps rename it to match your version for cleanness)) and you need to add the full apparmor patchset for your kernel version … take a look at the snapcraft.yaml how they are applied (and how the configs are used) in my tree …


Hi, ogra:
I don’t mean to insist on my own kernel. For example, I buy chips from TI or NXP and setup my own hardware platform. So I need to modify kernel based on TI or NXP’s kernel SDK but not from or ubuntu kernel becasue TI or NXP have many many patches on kernel release to adapt their chips. It is easier to develop based on TI or NXP kernel SDK.
So the error is a common known bug? The solution is to apply apparmor patches?
I usually use arm chips. Does all arm chips will encounter this error?

git apply -v configs-linux-5.1rpi.patch is OK
git apply -v apparmor-linux-5.1rpi.patch report error. I think the patch is for kernel 5.1 but my kernel version is v4.4.41.
So there is many kernel releases and many arm chips. It is really difficult to patch all those cases.

Snap confinement and security is solely done by the kernel (for less/zero overhead) … if you want proper functionality and security on Ubuntu Core you need to apply the apparmor patches for your major kernel version and set the necessary config options.

for different apparmor patchsets against different major kernel versions take a look at:

1 Like