@ogra One more question, I was able to connect my snap to interface provided by this gadget. As you saw it was a serial interface, but I get denied by apparmor.
are you root when running the app ? (device permissions are not overridden by adding an interface, it is likely the /dev/ttyACM0 device node is only accessible by root … )
no need to build it with --devmode, but installing it manually with the --devmode flag should work … classic snaps are not option on ubuntu core (they are refused installation)
There was a bug in the kernel where ‘k’ was not properly mediated in all cases. I suspect the current policy works on kernels with that bug but not on kernels where this bug is fixed (ie, ‘k’ is always properly mediated). We should add ‘k’ to the policy.
Great, where can I check if the fix for it was merged to ubuntu core ? or where can I find a ticket for this issue to follow?
Apart from this, I have a question regarding this workaround with devmode flag set you mentioned. Can I somehow provide this flag, while I am creating a custom core image with my snap attached?
I provide my gadget.snap, mir-kiosk and my terminal app. Is there a way to set devmode flag here ?
Also, is there a way to provide some additional config here ? E.g I want to set default orientation for mir-kiosk from a different layout. Is there a way to provide it during custom image build? Or maybe the only way here is to rebuild a mir-kiosk with custom hooks ?
After that is merged, the fix will be available in the snapd/core snap edge channels and will likely be released with 2.43, which I think should be out in the next couple weeks. See The snapd roadmap for more details
Hi,
Today, I tried to switch back to strict confinement to check if the fix was already in place for it (it is not in stable yet, I found out), but I found another issue maybe related to this.
My app writes to a file, this file is in /var/snap dir, so it should be writable by it, but I get following apparmor error:
hmm what do you mean as a user, system one ? In my case application run in a snap wants RW access to this file, system user is not going to write it, only app itself and it is running as a root. Shouldn’t it have rw access then ?