Hi, thanks for your focus. There seems to be something wrong with our new snapcraft.yaml:
```yaml
grade: stable
confinement: strict
plugs:
  etc-lvm-backup:
    interface: system-files
    write:
      #[/dev]
      [/run/lvm,/run/lock/lvm]
    read:
      [/dev,/sys/devices,/etc/lvm/backup,/sbin]
      #[/run/lvm,/sys/firmware/dmi/tables,/sys/devices,/proc]
parts:
  visual-lvm-remote:
    plugin: dump
  integration:
    plugin: nil
    stage-packages: [lvm2,dmidecode,libdevmapper1.02.1]
passthrough:
  layout:
    /etc/visual_lvm:
      bind: $SNAP_DATA/etc/visual_lvm
    /etc/lvm:
      bind: $SNAP_DATA/etc/lvm
apps:
  start:
    plugs:
      [block-devices,network-bind,etc-lvm-backup,network,system-observe]
    command: bin/vlvmservice start $SNAP_DATA
  stop:
    plugs:
      [system-observe]
    command: bin/vlvmservice stop $SNAP_DATA
  restart:
    plugs:
      [block-devices,network-bind,etc-lvm-backup,network,system-observe]
    command: bin/vlvmservice restart $SNAP_DATA
  ip-refuse:
    command: bin/vlvmconsole -refuse $1 $2 -config_path $SNAP_DATA/
  ip-accept:
    command: bin/vlvmconsole -accept $1 $2 -config_path $SNAP_DATA/
  change-password:
    command: bin/vlvmconsole -chgpass -config_path $SNAP_DATA/
  change-port:
    command: bin/vlvmconsole -chgport $1 -config_path $SNAP_DATA/
hooks:
  install:
    plugs:
      [system-observe]
  remove:
    plugs:
      [system-observe]
```
When visual lvm remote starts, snappy-debug shows:
```
= AppArmor =
Time: Jun 12 13:00:57
Log: apparmor="DENIED" operation="open" profile="snap.visual-lvm-remote.start" name="/dev/mapper/control" pid=4199 comm="lvm" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
File: /dev/mapper/control (write)
Suggestion:
* add 'dm-crypt' to 'plugs'

= AppArmor =
Time: Jun 12 13:00:57
Log: apparmor="DENIED" operation="open" profile="snap.visual-lvm-remote.start" name="/proc/partitions" pid=4204 comm="fdisk" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/partitions (read)
Suggestions:
* adjust program to not access '@{PROC}/partitions'
* add 'system-observe' to 'plugs'

= AppArmor =
Time: Jun 12 13:00:57
Log: apparmor="DENIED" operation="open" profile="snap.visual-lvm-remote.start" name="/proc/partitions" pid=4209 comm="fdisk" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/partitions (read)
Suggestions:
* adjust program to not access '@{PROC}/partitions'
* add 'system-observe' to 'plugs'
```
And visual lvm remote shuts down. We think the script for this issue is:
```c
#define ENUM_DISK (PCHAR) \
    "cmd='fdisk -l';" \
    "title=`$cmd |grep dev|head -1|awk '{print $1}'`;" \
    "list=`$cmd |grep $title|grep dev|awk '{print $2}'|sed 's/://'|sed 's@/dev/ram@@'|sed 's@/dev/loop@@'`;" \
    "result='';" \
    "for dev in `ls /dev/`; do " \
    "[ \"`echo $list|grep /dev/$dev`\" != '' ] && " \
    "[ ! -d /dev/$dev ]&&[ \"`cat /proc/mdstat|awk '{print $1}'|grep $dev`\" != \"$dev\" ]&&" \
    "echo /dev/$dev;" \
    "done"
```
It enumerates all disk-class devices on the platform.
It’s so difficult to write a system-class app on snap.
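
Added example, not part of the original post: a small Python triage of the snappy-debug output above against the plugs the posted snapcraft.yaml declares for the `start` app. It separates denials whose suggested interface is not declared from denials whose suggested interface is already declared, where the next thing to check is whether the plug is actually connected (`snap connections visual-lvm-remote`). The function name `triage` and the status labels are this example's own.

```python
import re

# snappy-debug output from the post, abridged to the Log and suggestion lines.
REPORT = """\
= AppArmor =
Log: apparmor="DENIED" operation="open" profile="snap.visual-lvm-remote.start" name="/dev/mapper/control" pid=4199 comm="lvm" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
* add 'dm-crypt' to 'plugs'
= AppArmor =
Log: apparmor="DENIED" operation="open" profile="snap.visual-lvm-remote.start" name="/proc/partitions" pid=4204 comm="fdisk" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
* adjust program to not access '@{PROC}/partitions'
* add 'system-observe' to 'plugs'
= AppArmor =
Log: apparmor="DENIED" operation="open" profile="snap.visual-lvm-remote.start" name="/proc/partitions" pid=4209 comm="fdisk" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
* adjust program to not access '@{PROC}/partitions'
* add 'system-observe' to 'plugs'
"""

# Plugs the posted snapcraft.yaml declares for the app that was denied.
DECLARED = {"start": {"block-devices", "network-bind", "etc-lvm-backup",
                      "network", "system-observe"}}

KV = re.compile(r'(\w+)="([^"]*)"')              # quoted key="value" audit fields
ADD = re.compile(r"\* add '([^']+)' to 'plugs'")  # interface suggested by snappy-debug

def triage(report, declared):
    """Map each distinct denial (app, path, mask) to (status, interfaces)."""
    result = {}
    for block in report.split("= AppArmor =")[1:]:
        log = next((l for l in block.splitlines() if l.startswith("Log: ")), "")
        fields = dict(KV.findall(log))
        if fields.get("apparmor") != "DENIED":
            continue
        app = fields["profile"].split(".")[-1]    # snap.<snap>.<app>
        suggested = sorted(ADD.findall(block))
        already = [s for s in suggested if s in declared.get(app, ())]
        if already:
            # Declared but still denied: check whether the plug is connected.
            status = ("declared", already)
        elif suggested:
            status = ("missing", suggested)       # not in the app's plugs list
        else:
            status = ("none", [])                 # no interface was suggested
        result[(app, fields["name"], fields["denied_mask"])] = status
    return result

if __name__ == "__main__":
    for key, status in triage(REPORT, DECLARED).items():
        print(key, status)
```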