How to reboot device

carlodomotz · June 26, 2017, 1:44pm

Hello.
We have a snap in private store that has interface “shutdown” (plus many others) but we cannot achieve to reboot the device when we need.

We tried with programmatic ‘reboot’ system call and then also by porting the /sbin/reboot and calling it from our daemon, but AppArmor is denying that:

Jun 26 13:29:22 localhost kernel: [16997.171225] audit: type=1400 audit(1498483762.552:61): apparmor=“DENIED” operation=“open” profile=“snap.fingbox-agent.fingbox” name="/proc/1/environ" pid=10473 comm=“reboot” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Jun 26 13:29:22 localhost kernel: [16997.171783] audit: type=1400 audit(1498483762.552:62): apparmor=“DENIED” operation=“open” profile=“snap.fingbox-agent.fingbox” name="/sys/kernel/kexec_loaded" pid=10473 comm=“reboot” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Jun 26 13:29:22 localhost kernel: [16997.173115] audit: type=1400 audit(1498483762.552:63): apparmor=“DENIED” operation=“connect” profile=“snap.fingbox-agent.fingbox” name="/run/systemd/private" pid=10473 comm=“reboot” requested_mask=“wr” denied_mask=“wr” fsuid=0 ouid=0
Jun 26 13:29:22 localhost kernel: [16997.183459] audit: type=1107 audit(1498483762.564:64): pid=1135 uid=100 auid=4294967295 ses=4294967295 msg=‘apparmor=“DENIED” operation=“dbus_method_call” bus=“system” path="/org/freedesktop/systemd1" interface=“org.freedesktop.systemd1.Manager” member=“StartUnit” mask=“send” name=“org.freedesktop.systemd1” pid=10473 label=“snap.fingbox-agent.fingbox” peer_pid=1 peer_label=“unconfined”
Jun 26 13:29:22 localhost kernel: [16997.183459] exe="/usr/bin/dbus-daemon" sauid=100 hostname=? addr=? terminal=?’

kyrofa · June 26, 2017, 3:13pm

Taking a look at the interface itself, it seems that only dbus-specific stuff is covered, not the poweroff or reboot binaries. @jdstrand can offer more insight.

jdstrand · June 26, 2017, 3:27pm

Various binaries call out to systemd as you can see. When you iterate on the permissions set, that results in permissions that are far wider than what shutdown should allow (this is because of systemd’s design).

Use this instead:

dbus-send --system --print-reply --dest=org.freedesktop.login1 /org/freedesktop/login1 "org.freedesktop.login1.Manager.Reboot" boolean:true

All of PowerOff, Reboot, Suspend, Hibernate, HybridSleep, CanPowerOff, CanReboot, CanSuspend, CanHibernate, CanHybridSleep, ScheduleShutdown, CancelScheduledShutdown are supported. See https://www.freedesktop.org/wiki/Software/systemd/logind/ for details.

carlodomotz · June 26, 2017, 4:04pm

Thanks we’re going to try it today or tomorrow and let you know.
Thanks very much for the prompt reply, very much appreciated!

carlodomotz · June 27, 2017, 8:07am

The suggested command works just perfectly.
Thank you very much guys!!!

Seham · February 18, 2019, 2:33pm

Hi, where did you add tthis part of code or the above line, to your code or to your snapcraft.yaml file.
Thanks

tokurz · February 20, 2019, 6:23pm

Hey @Seham,

thats is kind of program, like written in python or java todo this calls, in the snapcraft file you only declare then app todo

take a look here: