Manual review request for Visual LVM

Hi, thanks for your focus. There seems to be something wrong with our new snapcraft.yaml:

grade: stable
confinement: strict
plugs:
  etc-lvm-backup:
    interface: system-files
    write:
      #[/dev]
      [/run/lvm,/run/lock/lvm]
    read:
      [/dev,/sys/devices,/etc/lvm/backup,/sbin]
      #[/run/lvm,/sys/firmware/dmi/tables,/sys/devices,/proc]

parts:
  visual-lvm-remote:
    plugin: dump

  integration:
    plugin: nil
    stage-packages: [lvm2,dmidecode,libdevmapper1.02.1]


passthrough:
  layout:
    /etc/visual_lvm:
      bind: $SNAP_DATA/etc/visual_lvm
    /etc/lvm:
      bind: $SNAP_DATA/etc/lvm

apps:
  start:
    plugs:
      [block-devices,network-bind,etc-lvm-backup,network,system-observe]
    command: bin/vlvmservice start $SNAP_DATA
  stop:
    plugs:
      [system-observe]
    command: bin/vlvmservice stop $SNAP_DATA

  restart:
    plugs:
      [block-devices,network-bind,etc-lvm-backup,network,system-observe]
    command: bin/vlvmservice restart $SNAP_DATA
  ip-refuse:
    command: bin/vlvmconsole -refuse $1 $2 -config_path $SNAP_DATA/
  ip-accept:
    command: bin/vlvmconsole -accept $1 $2 -config_path $SNAP_DATA/
  change-password:
    command: bin/vlvmconsole -chgpass -config_path $SNAP_DATA/
  change-port:
    command: bin/vlvmconsole -chgport $1 -config_path $SNAP_DATA/

hooks:
  install:
    plugs:
      [system-observe]
  remove:
    plugs:
      [system-observe]

When visual lvm remote starts, snappy-debug shows:

= AppArmor =
Time: Jun 12 13:00:57
Log: apparmor="DENIED" operation="open" profile="snap.visual-lvm-remote.start" name="/dev/mapper/control" pid=4199 comm="lvm" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
File: /dev/mapper/control (write)
Suggestion:
* add 'dm-crypt' to 'plugs'

= AppArmor =
Time: Jun 12 13:00:57
Log: apparmor="DENIED" operation="open" profile="snap.visual-lvm-remote.start" name="/proc/partitions" pid=4204 comm="fdisk" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/partitions (read)
Suggestions:
* adjust program to not access '@{PROC}/partitions'
* add 'system-observe' to 'plugs'

= AppArmor =
Time: Jun 12 13:00:57
Log: apparmor="DENIED" operation="open" profile="snap.visual-lvm-remote.start" name="/proc/partitions" pid=4209 comm="fdisk" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/partitions (read)
Suggestions:
* adjust program to not access '@{PROC}/partitions'
* add 'system-observe' to 'plugs'

And visual lvm remote shuts down. We think the script for this issue is:

#define ENUM_DISK (PCHAR) \
	"cmd='fdisk -l';" \
	"title=`$cmd |grep dev|head -1|awk '{print $1}'`;" \
	"list=`$cmd |grep $title|grep dev|awk '{print $2}'|sed 's/://'|sed 's@/dev/ram@@'|sed 's@/dev/loop@@'`;" \
	"result='';" \
	"for dev in `ls /dev/`; do " \
	"[ \"`echo $list|grep /dev/$dev`\" != '' ] && " \
	"[ ! -d /dev/$dev ]&&[ \"`cat /proc/mdstat|awk '{print $1}'|grep $dev`\" != \"$dev\" ]&&" \
	"echo /dev/$dev;" \
	"done" 

It enumerates all disk class devices on the platform.

It’s so difficult to write a system class app on snap.
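An added example (not part of the original post or of the Visual LVM project): a small Python triage of the snappy-debug records above, which collapses repeated denials and checks each suggested plug against the plugs listed for the `start` app. The function names and the trimmed sample are assumptions made for this illustration.

```python
import re
import shlex

# Plugs listed for the `start` app in the snapcraft.yaml above.
START_PLUGS = {"block-devices", "network-bind", "etc-lvm-backup", "network", "system-observe"}

# snappy-debug records from the post, trimmed to the lines this parser reads.
SAMPLE = """\
= AppArmor =
Log: apparmor="DENIED" operation="open" profile="snap.visual-lvm-remote.start" name="/dev/mapper/control" pid=4199 comm="lvm" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
* add 'dm-crypt' to 'plugs'
= AppArmor =
Log: apparmor="DENIED" operation="open" profile="snap.visual-lvm-remote.start" name="/proc/partitions" pid=4204 comm="fdisk" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
* add 'system-observe' to 'plugs'
= AppArmor =
Log: apparmor="DENIED" operation="open" profile="snap.visual-lvm-remote.start" name="/proc/partitions" pid=4209 comm="fdisk" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
* add 'system-observe' to 'plugs'
"""

ADD_PLUG = re.compile(r"^\* add '([^']+)' to 'plugs'$")

def parse_records(text):
    """Return (fields, suggested_plugs) per DENIED record; shlex handles the quoted values."""
    records = []
    for chunk in re.split(r"^\s*= AppArmor =\s*$", text, flags=re.M):
        fields, plugs = {}, []
        for line in map(str.strip, chunk.splitlines()):
            if line.startswith("Log: "):
                fields = dict(t.split("=", 1) for t in shlex.split(line[5:]) if "=" in t)
            elif m := ADD_PLUG.match(line):
                plugs.append(m.group(1))
        if fields.get("apparmor") == "DENIED":
            records.append((fields, plugs))
    return records

def triage(text, declared):
    """Collapse repeated denials and split suggested plugs into declared vs. missing."""
    seen = {}
    for fields, plugs in parse_records(text):
        key = (fields["name"], fields["denied_mask"], fields["comm"])
        entry = seen.setdefault(key, {"pids": [], "declared": set(), "missing": set()})
        entry["pids"].append(int(fields["pid"]))
        for plug in plugs:
            entry["declared" if plug in declared else "missing"].add(plug)
    return seen

if __name__ == "__main__":
    for (name, mask, comm), e in triage(SAMPLE, START_PLUGS).items():
        print(f"{comm}: {name} ({mask}) x{len(e['pids'])} declared={sorted(e['declared'])} missing={sorted(e['missing'])}")
```

A suggested plug that is already listed for the app, as `system-observe` is here, is worth checking with `snap connections visual-lvm-remote`, since a declared plug only takes effect once it is connected.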

Hi @isaac.clack, since you still seem to be having difficulties snapping your application, perhaps it would be more useful to create a new forum topic under the snap category where others can offer help and suggestions. Thanks.

Hi, I think it is a good idea. I will post a new thread after some snap testing work.

Hi @isaac.clack,

Could you make any progress? I don’t see any further topic being created for visual-lvm.

Thanks!

@isaac.clack - ping, this request cannot proceed without the requested information

I see another post has been created, "How to enumerate and access system devices(visual lvm)". I am removing this request from our review queue, but please @isaac.clack feel free to write here again and we will be happy to add it back if needed.