Hi, we recently realized that USB / HID input on 22.10 doesn’t work… on some hardware. Using --devmode
makes it work, as does adding this to the snap’s profile:
/sys/dev/char/* r
Part of the problem is that there are no mentions of any relevant DENIED
access:
[10675.379585] audit: type=1400 audit(1665575274.212:10802): apparmor="DENIED" operation="getattr" class="file" profile="snap.confined-shell.confined-shell" name="/meta/snap.yaml" pid=75369 comm="snap-exec" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[10675.381222] audit: type=1400 audit(1665575274.212:10803): apparmor="DENIED" operation="getattr" class="file" profile="snap.confined-shell.confined-shell" name="/var/cups/" pid=75369 comm="snap-exec" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[10675.381865] audit: type=1400 audit(1665575274.216:10804): apparmor="DENIED" operation="getattr" class="file" profile="snap.confined-shell.confined-shell" name="/var/lib/snapd/void/" pid=75369 comm="run-shell" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[10675.383543] audit: type=1400 audit(1665575274.216:10805): apparmor="DENIED" operation="getattr" class="file" profile="snap.confined-shell.confined-shell" name="/var/lib/snapd/void/" pid=75394 comm="id" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[10675.385849] audit: type=1400 audit(1665575274.220:10806): apparmor="DENIED" operation="getattr" class="file" profile="snap.confined-shell.confined-shell" name="/meta/snap.yaml" pid=75395 comm="snapctl" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[10675.392117] audit: type=1400 audit(1665575274.224:10807): apparmor="DENIED" operation="getattr" class="file" profile="snap.confined-shell.confined-shell" name="/meta/snap.yaml" pid=75400 comm="snapctl" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[10675.397535] audit: type=1400 audit(1665575274.228:10808): apparmor="DENIED" operation="getattr" class="file" profile="snap.confined-shell.confined-shell" name="/var/lib/snapd/void/" pid=75406 comm="dirname" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[10675.398976] audit: type=1400 audit(1665575274.232:10809): apparmor="DENIED" operation="getattr" class="file" profile="snap.confined-shell.confined-shell" name="/var/lib/snapd/void/" pid=75407 comm="mkdir" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[10675.400364] audit: type=1400 audit(1665575274.232:10810): apparmor="DENIED" operation="getattr" class="file" profile="snap.confined-shell.confined-shell" name="/var/lib/snapd/void/" pid=75408 comm="mkdir" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[10675.401961] audit: type=1400 audit(1665575274.236:10811): apparmor="DENIED" operation="getattr" class="file" profile="snap.confined-shell.confined-shell" name="/var/lib/snapd/void/" pid=75369 comm="miriway" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
It doesn’t help to pinpoint what’s the particular problematic path. The difference between --strace
runs show that it tries to openat()
vs. lstat()
some devices under this path:
# broken
[pid 233672] openat(AT_FDCWD, "/sys/dev/char/226:0/device/uevent", O_RDONLY) = 12
[pid 233672] openat(AT_FDCWD, "/sys/dev/char/226:0/device/vendor", O_RDONLY) = 12
[pid 233672] openat(AT_FDCWD, "/sys/dev/char/226:0/device/device", O_RDONLY) = 12
[pid 233672] openat(AT_FDCWD, "/sys/dev/char/226:0/device/subsystem_vendor", O_RDONLY) = 12
[pid 233672] openat(AT_FDCWD, "/sys/dev/char/226:0/device/subsystem_device", O_RDONLY) = 12
[pid 233672] stat("/sys/dev/char/226:128/device/drm", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
[pid 233672] readlink("/sys/dev/char/226:128/device/subsystem", "../../../bus/pci", 4096) = 16
vs.
# working
[pid 232840] lstat("/sys/dev/char", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
[pid 232840] lstat("/sys/dev/char/226:0", {st_mode=S_IFLNK|0777, st_size=0, ...}) = 0
[pid 232840] readlink("/sys/dev/char/226:0", "../../devices/pci0000:00/0000:00"..., 4095) = 47
[pid 232840] lstat("/sys/dev/char", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
[pid 232840] lstat("/sys/dev/char/226:0", {st_mode=S_IFLNK|0777, st_size=0, ...}) = 0
To reproduce, just run ubuntu-frame
from a TTY (make sure to have SSH access as you’ll need to kill it afterwards, it not getting any input). You should see a cursor moving when moving your pointer device - but you won’t - unless you add the above bit to the profile.
It looks as if something between libinput and the kernel changed on 22.10, that doesn’t affect some hardware (Intel 12th Gen seems to be working). But the worst part is we’re not getting any info on opening it up in a more surgical way than the above.
EDIT:
For clarity, input is provided by the wayland
slot:
Frame happens to also have hardware-observe
to silence libinput spamming the logs with DENIED
s on non-input devices, but that doesn’t seem to matter.