I’m snapping the game Mr. Rescue as a little weekend project. Looking at var/log/syslog I could see it was trying to inhibit the screensaver so I’ve added the screen-inhibit-control interface to the snapcraft.yaml but running the the snap is still capturing the following in /var/log/syslog.
Jun 3 10:43:08 skull dbus[3255]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/freedesktop/ScreenSaver" interface="org.freedesktop.ScreenSaver" member="Inhibit" mask="send" name="org.freedesktop.ScreenSaver" pid=20693 label="snap.mrrescue.mrrescue" peer_pid=3572 peer_label="unconfined"
Jun 3 10:43:08 skull dbus[3255]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gnome/ScreenSaver" interface="org.gnome.ScreenSaver" member="SimulateUserActivity" mask="send" name="org.gnome.ScreenSaver" pid=20693 label="snap.mrrescue.mrrescue" peer_pid=3637 peer_label="unconfined"
Looking at the screen-inhibit-control source the appropriate dbus paths and members appear to be defined. I’m wondering if I’m misunderstanding what the screen-inhibit-control is supposed to do or if I’ve found a bug?
Here’s the Mr. Rescue snapcraft.yaml or you can test things out with:
snap install mrrescue --edge
It looks like the ‘path’ in the denial is different from what is allowed in the interface. What distribution and desktop environment are you using? What are exact steps to reproduce?
I’m running Ubuntu 16.04.2 with Unity on amd64. To reproduce:
Open two terminals
tail -f /var/log/syslog in one terminal
In the other terminal:
snap install mrrescue --edgemrrescue
See the apparmor="DENIED" messages in first terminal.
Jun 6 14:36:52 skull dbus[3321]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/freedesktop/ScreenSaver" interface="org.freedesktop.ScreenSaver" member="Inhibit" mask="send" name="org.freedesktop.ScreenSaver" pid=5750 label="snap.mrrescue.mrrescue" peer_pid=3645 peer_label="unconfined"
Jun 6 14:36:52 skull dbus[3321]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/gnome/ScreenSaver" interface="org.gnome.ScreenSaver" member="SimulateUserActivity" mask="send" name="org.gnome.ScreenSaver" pid=5750 label="snap.mrrescue.mrrescue" peer_pid=3754 peer_label="unconfined"
ogra
January 21, 2018, 2:18pm
5
This second commit does not seem to have even landed in edge yet, i still see:
Jan 21 15:07:25 acheron dbus[2108]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/ScreenSaver" interface="org.freedesktop.ScreenSaver" member="Inhibit" mask="send" name="org.freedesktop.ScreenSaver" pid=14372 label="snap.vlc.vlc" peer_pid=2231 peer_label="unconfined"
even when using the core from edge with the vlc snap … (and indeed eventually the screen suspends during streaming)
The rule is in master and origin/release/2.30, but I noticed another problem with it. ‘member’ can’t match since it prepends the interface. :\
I’ll fix this in the next batch of updates.
2 Likes
