Listing names on DBus

tokurz · September 15, 2017, 1:48pm

Hey Guys,

I have a questions to connect to the DBus in Ubuntu Core via the snap. I create successfully more snaps where can “talk” to each other via DBus.

Now I have create a small snap where use the origin org.freedesktop.DBus interface where I will call ListNames to list the dbus well know names, and check if there exist. In devmode the snap works fine but, when I tried to install in dangerous mode and doing snap connect on the interfaces, i get from Apparmor an denied message.

In Devmode

Sep 15 13:22:37 localhost kernel: [71911.842582] audit: type=1107 audit(1505481757.303:436989): pid=1236 uid=100 auid=4294967295 ses=4294967295 msg='apparmor=“ALLOWED” operation=“dbus_method_call” bus=“system” path=“/org/freedesktop/DBus” interface=“org.freedesktop.DBus” member=“ListNames” mask=“send” name=“org.freedesktop.DBus” pid=13471 label=“snap.modulemanager” peer_label=“unconfined”

In Dangerous Mode

Sep 15 13:06:13 localhost kernel: [70927.548507] audit: type=1107 audit(1505480773.010:436945): pid=1236 uid=100 auid=4294967295 ses=4294967295 msg='apparmor=“DENIED” operation=“dbus_method_call” bus=“system” path=“/org/freedesktop/DBus” interface=“org.freedesktop.DBus” member=“ListNames” mask=“send” name=“org.freedesktop.DBus” pid=12948 label=“snap.modulemanager” peer_label=“unconfined”

Yaml cut:

plugs:
  pdbus:
   interface: dbus
   name: org.freedesktop.DBus
   bus: system
 pmodulemanager:
   interface: dbus
   name: com.modulemanager
   bus: system


slots:
  sdbus:
    interface: dbus
    name: org.freedesktop.DBus
    bus: system
  smodulemanager:
   interface: dbus
   name: com.modulemanager
   bus: system

how do I need to connect that , so that I can use the ListNames function from DBus Interface in dangerous mode?

Also the slots and plus are connected in each cross way…

Greets TK

ogra · September 15, 2017, 2:02pm

I’m not sure if the system dbus actually allows introspection to list all names, perhaps @jdstrand can help out here ?

jdstrand · September 15, 2017, 2:07pm

You shouldn’t use ‘name: org.freedesktop.DBus’ in your yaml-- this is used by dbus-daemon so you can’t claim it as a well-known name.

As for ListNames(), to answer @ogra, yes this API can be used to enumerate the system bus, but it is not allowed by the dbus interface because it would constitute an information leak. This is sort of like ‘ps auxww’ output but for DBus. In that light, I think it would make sense to allow use of ListNames() in the system-observe interface. I’ll update it for that.

tokurz · September 15, 2017, 2:20pm

Thanks guys for the quick reply, let me know when it gives an update so I can use the system-observe and how I can be used that.

Greets TK

jdstrand · September 15, 2017, 2:25pm

Also, in terms of terminology, you meant ‘strict mode’ instead of ‘dangerous mode’. I wouldn’t mention it except that you can install snaps with ‘–dangerous’ which means something else. I had to think twice about what you meant when I first read it.

tokurz · September 15, 2017, 2:28pm

Yeah sorry, I mean strict mode snaps where I install with --devmode and also install with --dangerous mode

yaml cut:

confinement: strict
grade: devel
architectures: [ armhf ]

Greets TK

jdstrand · September 15, 2017, 4:03pm

tokurz · September 19, 2017, 7:23am

Thanks for this , I have another question in DBUS for plugs and slots, or should I do this in a seperate topic,

Greets

niemeyer · September 19, 2017, 7:27am

Yeah, different topic if unrelated please.

jdstrand · September 22, 2017, 12:50pm

PR #3928 is now mereged with master.