Help and troubleshoot wine based app

mmtrt · January 27, 2018, 11:12am

After doing deb and appimage for this app again doing my first snap of same app its wine based I’m using foobar2000 music player as portable and its working good also plays audio. its released on edge channel as devmode and @ogra published wine snap months ago that helped thanks.
snap source link

also found these has wine profiles for apparmor could these be implemented.

So wine need more special permissions. it only works on devmode, with classic and strict nothing happens no log

used these plugs: [ x11, unity7, home, pulseaudio, hardware-observe ]

also used these on snap profile to fix other security denials then below log only shows

/proc/scsi/scsi r,
/run/cups/printcap r,
/run/udev/data/c245:[0-9]* r,

Trying to fix this below

= AppArmor =
Time: Jan 27 15:40:18
Log: apparmor="ALLOWED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/UDisks2" interface="org.freedesktop.DBus.ObjectManager" member="GetManagedObjects" mask="send" name="org.freedesktop.UDisks2" pid=12502 label="snap.foobar2000.foobar2000" peer_pid=2212 peer_label="unconfined"
DBus access

= AppArmor =
Time: Jan 27 15:40:18
Log: apparmor="ALLOWED" operation="open" profile="snap.foobar2000.foobar2000" name="/home/mmtrt/snap/" pid=12490 comm="wineserver" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
File: /home/mmtrt/snap/ (read)
Suggestion:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

anyways thought to post here if someone could help-out.

ogra · January 27, 2018, 11:22am

Take a look at https://github.com/ogra1/wine-2

Specifically at the snapcraft.yaml and interfaces used in the apps (while i have very very limited time to work on this snap, i didnt abandon it ), that should cover a bunch of your issues …

…for the dbus error you could try installing the udisks2 snap and make your apps use the udisks2 interface this snap provides.

lucyllewy · January 27, 2018, 3:27pm

I’ve worked a bit more on @ogra’s wine snap and have it building on an amd64 system with some evil hackage :-p

this is where I’m at so far: http://paste.ubuntu.com/26470859/

ogra · January 27, 2018, 3:30pm

looking at the last stage-packages block, wouldnt that break when i build inside an i386 lxd container (you only specify “on amd64” so the libs wouldnt be staged in i386) ?

lucyllewy · January 27, 2018, 4:30pm

for now, yes. That is “to be fixed” it’s a Work in Progress… also need to fix the add-architecture to only do it’s thing on amd64… also they’re all set as the -dev packages, so I need to fix that to only include the libraries

mmtrt · January 28, 2018, 6:38am

some progress got the snap working on strict from devmode still got these denials also its still working fine with audio.

Did this after try prime

sudo snap connect foobar2000:hardware-observe core:hardware-observe
sudo snap connect foobar2000:process-control core:process-control
sudo snap connect foobar2000:cups-control core:cups-control

then below denials with stock snap profile

= AppArmor =
Time: Jan 28 13:52:00
Log: apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/UDisks2" interface="org.freedesktop.DBus.ObjectManager" member="GetManagedObjects" mask="send" name="org.freedesktop.UDisks2" pid=27144 label="snap.foobar2000.foobar2000" peer_pid=2215 peer_label="unconfined"
DBus access

= AppArmor =
Time: Jan 28 13:52:00
Log: apparmor="DENIED" operation="open" profile="snap.foobar2000.foobar2000" name="/home/mmtrt/snap/" pid=27125 comm="wineserver" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
File: /home/mmtrt/snap/ (read)
Suggestion:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor =
Time: Jan 28 13:52:55
Log: apparmor="DENIED" operation="open" profile="snap.foobar2000.foobar2000" name="/writable/" pid=27211 comm="foobar2000.exe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /writable/ (read)
Suggestion:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor =
Time: Jan 28 13:52:55
Log: apparmor="DENIED" operation="open" profile="snap.foobar2000.foobar2000" name="/var/" pid=27211 comm="foobar2000.exe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /var/ (read)
Suggestion:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor =
Time: Jan 28 13:52:55
Log: apparmor="DENIED" operation="open" profile="snap.foobar2000.foobar2000" name="/usr/" pid=27211 comm="foobar2000.exe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /usr/ (read)
Suggestion:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor =
Time: Jan 28 13:52:55
Log: apparmor="DENIED" operation="open" profile="snap.foobar2000.foobar2000" name="/srv/" pid=27211 comm="foobar2000.exe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /srv/ (read)
Suggestion:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor =
Time: Jan 28 13:52:55
Log: apparmor="DENIED" operation="open" profile="snap.foobar2000.foobar2000" name="/snap/" pid=27211 comm="foobar2000.exe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /snap/ (read)
Suggestion:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor =
Time: Jan 28 13:52:55
Log: apparmor="DENIED" operation="open" profile="snap.foobar2000.foobar2000" name="/sbin/" pid=27211 comm="foobar2000.exe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /sbin/ (read)
Suggestion:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor =
Time: Jan 28 13:52:55
Log: apparmor="DENIED" operation="open" profile="snap.foobar2000.foobar2000" name="/run/" pid=27211 comm="foobar2000.exe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /run/ (read)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use run/shm/snap.$SNAP_NAME.*

= AppArmor =
Time: Jan 28 13:52:55
Log: apparmor="DENIED" operation="open" profile="snap.foobar2000.foobar2000" name="/opt/" pid=27211 comm="foobar2000.exe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /opt/ (read)
Suggestion:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor =
Time: Jan 28 13:52:55
Log: apparmor="DENIED" operation="open" profile="snap.foobar2000.foobar2000" name="/mnt/" pid=27211 comm="foobar2000.exe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /mnt/ (read)
Suggestion:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor =
Time: Jan 28 13:52:55
Log: apparmor="DENIED" operation="open" profile="snap.foobar2000.foobar2000" name="/meta/" pid=27211 comm="foobar2000.exe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /meta/ (read)
Suggestion:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor =
Time: Jan 28 13:52:55
Log: apparmor="DENIED" operation="open" profile="snap.foobar2000.foobar2000" name="/media/" pid=27211 comm="foobar2000.exe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /media/ (read)
Suggestion:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor =
Time: Jan 28 13:52:55
Log: apparmor="DENIED" operation="open" profile="snap.foobar2000.foobar2000" name="/lib64/" pid=27211 comm="foobar2000.exe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /lib64/ (read)
Suggestion:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor =
Time: Jan 28 13:52:55
Log: apparmor="DENIED" operation="open" profile="snap.foobar2000.foobar2000" name="/etc/" pid=27211 comm="foobar2000.exe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /etc/ (read)
Suggestion:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor =
Time: Jan 28 13:52:55
Log: apparmor="DENIED" operation="open" profile="snap.foobar2000.foobar2000" name="/boot/" pid=27211 comm="foobar2000.exe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /boot/ (read)
Suggestion:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

= AppArmor =
Time: Jan 28 13:52:55
Log: apparmor="DENIED" operation="open" profile="snap.foobar2000.foobar2000" name="/bin/" pid=27211 comm="foobar2000.exe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /bin/ (read)
Suggestion:
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

The *.exe file denials are showing when I tried to add files from home/music like browsing from root to dir opening folders.

EDIT: I think first two apparmor denials need fixing udisks2 and wineserver we can ignore *.exe denials probably not harmful as we can files to playlist on app via right click open with the app works fine no log denials from it.