Remote error from secret service: org.freedesktop.DBus.Error.AccessDenied: An AppArmor policy prevents this sender from sending this message to this recipient

Hello,

I have the snapcraft.yaml:

name: notifi
version: 0.1.0
summary: Push notifications over HTTP
description: A multi platform app to receive push notifications over simple HTTP requests you can embed anywhere.
issues: https://github.com/maxisme/notifi/issues
confinement: strict
base: core18
grade: stable

slots:
  dbus-notifi:
    interface: dbus
    bus: session
    name: it.notifi

apps:
  notifi:
    command: notifi
    extensions: [flutter-dev]
    plugs:
      - network
      - password-manager-service
    slots:
      - dbus-notifi

parts:
  notifi:
    source: .
    plugin: flutter
    flutter-target: lib/main.dart
    build-packages:
      - libsecret-1-dev
      - libjsoncpp-dev
    stage-packages:
      # packages required to run
      - libsecret-1-dev
      - libjsoncpp1
      - libsqlite3-0
      - libsqlite3-dev
      - libgnome-keyring-common
      - libgnome-keyring0

But unfortunately after building and running:

snapcraft
sudo snap install notifi_0.1.0_amd64.snap --dangerous && notifi

I get the error when trying to r/w to the keyring:

Remote error from secret service: org.freedesktop.DBus.Error.AccessDenied: An AppArmor policy prevents this sender from sending this message to this recipient; type=“method_call”, sender=":1.808" (uid=1000 pid=87036 comm="/snap/notifi/x13/bin/notifi " label=“snap.notifi.notifi (enforce)”) interface=“org.freedesktop.Secret.Service” member=“OpenSession” error name="(unset)" requested_reply=“0” destination=":1.24" (uid=1000 pid=3760 comm="/usr/bin/gnome-keyring-daemon --daemonize --login " label=“unconfined”)

See also https://github.com/mogol/flutter_secure_storage/issues/309

You added the password-manager-service plug but that won’t connect automatically.

snap connect notifi:password-manager-service

1 Like

Ah okay - Do I need users who install the app to run this command??

have a look at the store-requests category in this forum … once you know all the interfaces you need, you can actually request auto-connection for your snap, depending how powerful an interface plug is this can be granted after a review…

EDIT: if you can not get an interface auto-connection granted you can always shell out to the snapctl is-connected ... function from your code and i.e. show a popup telling the user to connect it manually … here is an example:

2 Likes

Okay brilliant thank you - I have made a request here - Request password-manager-service auto-connection for notifi.

I think I might just write my secret to a text file though.