Java 11 application missing sound interface

snapcraft
1

What should I do to prevent this error and allow sound to a Java 11 application? I already have the pulsaudio and alsa interfaces connected.

Feb-09 10:43:13.916 [AvoidStandbyModeService-thread] ERROR b.c.a.AvoidStandbyModeService: java.lang.IllegalArgumentException: No line matching interface SourceDataLine supporting format PCM_SIGNED 44100.0 Hz, 16 bit, stereo, 4 bytes/frame, big-endian is supported. 
java.lang.IllegalArgumentException: No line matching interface SourceDataLine supporting format PCM_SIGNED 44100.0 Hz, 16 bit, stereo, 4 bytes/frame, big-endian is supported.
	at java.desktop/javax.sound.sampled.AudioSystem.getLine(AudioSystem.java:423)
	at bisq.core.app.AvoidStandbyModeService.play(AvoidStandbyModeService.java:93)
	at java.base/java.lang.Thread.run(Thread.java:844)

My snapcraft.yaml is here:

name: bisq-desktop
base: core18
version: 0.9.3
summary: Peer-to-peer exchange to trade various curriencies for bitcoin
description: |
  Cross-platform desktop application that allows users to trade national currency (dollars, euros, etc) for bitcoin without relying on centralized exchanges
confinement: strict
grade: stable
icon: icon.png

apps:
  bisq-desktop:
    command: desktop-launch "$SNAP/opt/Bisq/Bisq"
    plugs:
      - network
      - network-bind
      - desktop
      - desktop-legacy
      - x11
      - wayland
      - home
      - pulseaudio
      - alsa
    desktop: usr/share/applications/bisq.desktop
    environment:
      JAVA_HOME: "$SNAP/usr/lib/jvm/java-11-openjdk-amd64"
      JAVA_TOOL_OPTIONS: "-Duser.home=$SNAP_USER_COMMON"

parts:
  bisq:
    plugin: dump
    source: https://github.com/bisq-network/bisq/releases/download/v0.9.3/Bisq-64bit-0.9.3.deb
    source-checksum: sha256/4a3cdc352c5eaa74b9418c2a407984c90c3dfc8150dd197bae4999f863cf6263
    stage-packages:
      - libgl1
      - libglx0
      - libxtst6
      - libxxf86vm1 
    #stage-packages: [openjdk-11-jre]
    #build-packages:
    #  - ca-certificates
    #  - ca-certificates-java
    after: [desktop-gtk3]

  # Install desktop launcher
  launchers:
    plugin: dump
    source: .
    organize:
      'bisq.desktop': usr/share/applications/bisq.desktop
    after:
      - bisq

  desktop-gtk3:
    source: https://github.com/ubuntu/snapcraft-desktop-helpers.git
    source-subdir: gtk
    plugin: make
    make-parameters: ["FLAVOR=gtk3"]
    build-packages:
      - libgtk-3-dev
    stage-packages:
      - libxkbcommon0  # XKB_CONFIG_ROOT
      - ttf-ubuntu-font-family
      - dmz-cursor-theme
      - light-themes
      - adwaita-icon-theme
      - gnome-themes-standard
      - shared-mime-info
      - libgtk-3-0
      - libgdk-pixbuf2.0-0
      - libglib2.0-bin
      - libgtk-3-bin
      - unity-gtk3-module
      - libappindicator3-1
      - locales-all
      - xdg-user-dirs
      - ibus-gtk3
      - libibus-1.0-5

# vim:tabstop=2 shiftwidth=2 expandtab
2

you likely need libpulse0 in your stage packages and also add a proper LD_LIBRARY_PATH entry to your environment stanza so the lib is found.

3

After looking into this more, I’m not sure the error is sound related. The error is showing up because the application is trying to monitor system resources and the “AvoidStandbyModeService” is failing in the application.

What would I do with an application which wants access like this?

= AppArmor =
Time: Feb 12 12:10:44
Log: apparmor="ALLOWED" operation="open" profile="snap.bisq-desktop.bisq-desktop" name="/sys/fs/cgroup/memory/user.slice/user-1000.slice/user@1000.service/memory.limit_in_bytes" pid=5109 comm="Bisq" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /sys/fs/cgroup/memory/user.slice/user-1000.slice/user@1000.service/memory.limit_in_bytes (read)
Suggestions:
* adjust program to not access '/sys/fs/cgroup/memory/user.slice/user-1000.slice/user@1000.service/memory.limit_in_bytes'
* adjust program to not access '/sys/fs/cgroup/memory/user.slice/user-[0-9]*.slice/user@[0-9]*.service/memory.limit_in_bytes'

= AppArmor =
Time: Feb 12 12:10:44
Log: apparmor="ALLOWED" operation="open" profile="snap.bisq-desktop.bisq-desktop" name="/sys/fs/cgroup/cpu,cpuacct/cpu.shares" pid=5109 comm="Bisq" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /sys/fs/cgroup/cpu,cpuacct/cpu.shares (read)
Suggestion:
* adjust program to not access '/sys/fs/cgroup/cpu,cpuacct/cpu.shares'

= AppArmor =
Time: Feb 12 12:10:44
Log: apparmor="ALLOWED" operation="open" profile="snap.bisq-desktop.bisq-desktop" name="/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us" pid=5109 comm="Bisq" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us (read)
Suggestion:
* adjust program to not access '/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us'

= AppArmor =
Time: Feb 12 12:10:44
Log: apparmor="ALLOWED" operation="open" profile="snap.bisq-desktop.bisq-desktop" name="/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_period_us" pid=5109 comm="Bisq" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_period_us (read)
Suggestion:
* adjust program to not access '/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_period_us'

= AppArmor =
Time: Feb 12 12:10:44
Log: apparmor="ALLOWED" operation="open" profile="snap.bisq-desktop.bisq-desktop" name="/sys/fs/cgroup/cpu,cpuacct/cpu.shares" pid=5109 comm="Bisq" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /sys/fs/cgroup/cpu,cpuacct/cpu.shares (read)
Suggestion:
* adjust program to not access '/sys/fs/cgroup/cpu,cpuacct/cpu.shares'

= AppArmor =
Time: Feb 12 12:10:44
Log: apparmor="ALLOWED" operation="open" profile="snap.bisq-desktop.bisq-desktop" name="/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us" pid=5109 comm="Bisq" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us (read)
Suggestion:
* adjust program to not access '/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us'
4

As of today, there are no interfaces that allow this access that would be suitable for this application. snappy-degug is giving you the advice you need. I suspect that if these accesses were allowed, then the application would get caught up with another access in the cgroup hierarchy. You can test this yourself by modifying /var/lib/snapd/apparmor/profiles/snap.bisq-desktop.bisq-desktop to have:

/sys/fs/cgroup/*/* r,

and then reloading the policy with: sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap.bisq-desktop.bisq-desktop. Feel free to iterate and add more accesses and post back your changes. If your application only needs read access, perhaps that access could be added to an existing or new interface.

1 Like
5

FWIW, we have a snap that attempts to read it’s own cgroup cpu limits in order to automatically determine a reasonable thread pool to allocate for itself (it’s a database application). If there was an interface for just reading cgroups information we would add it to the snap. As it is now it’s harmless and handles the denial properly, but is quite noisy. Example denial we see:

Feb 12 16:24:34 hostname kernel: audit: type=1400 audit(1550010274.725:943): apparmor="DENIED" operation="open" profile="snap.edgexfoundry.security-services" name="/sys/fs/cgroup/cpu,cpuacct/system.slice/snap.edgexfoundry.security-services.service/cpu.cfs_quota_us" pid=5509 comm="java" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
6

Adding a couple lines to the /var/lib/snapd/apparmor/profiles/snap.bisq-desktop.bisq-desktop file prevented the AppArmour errors.

/sys/fs/cgroup/*/* r,
/sys/fs/cgroup/memory/user.slice/user-1000.slice/user@1000.service/memory.limit_in_bytes r,

It still didn’t remove the application error about No line matching interface SourceDataLine supporting format PCM_SIGNED 44100.0 Hz, 16 bit, stereo, 4 bytes/frame, big-endian is supported. though. I’m guessing I’m still missing something to do with sound. I’m probably going to look into the source code and see what triggers the error.

7

@jdstrand thoughts on adding read rules for

/sys/fs/cgroup/cpu,cpuacct/system.slice/snap.${SNAP_NAME}.${SNAP_APP}.service/cpu.cfs_quota_us

and various other cpu cgroup properties to something like system-observe?
I’ve seen a fair number of Java applications (i.e. cassandra comes to my mind immediately) try with read access on these, presumably for some kind of JVM optimization.

See https://www.kernel.org/doc/html/latest/scheduler/sched-bwc.html for some documentation of what those do.

Note that this denial has cropped up at Pulseaudio on core18 and desktop-qt5 and Ubuntu Core 16.04 on Dell Edge GW - Apparmor denial of read of files is /sys/fs/cgroup/ as well

8

The read rules might even be suitable for the default template. I’ve added this for something to look into in the next round of policy updates.

1 Like
9

I ended up adding them to system-observe for now: https://github.com/snapcore/snapd/pull/8232/commits/62ad253a9af0fb0f60a19a74342de06e36b7646b