To make the review of your request easier, please use the following template to provide all the required details and also include any other information that may be relevant.
- name: smartctl-exporter
- description: Export smartctl statistics to prometheus
- snapcraft: snapcraft.yaml
- upstream: GitHub - prometheus-community/smartctl_exporter: Export smartctl statistics to prometheus
- upstream-relation: relation of the snap publisher with the upstream
- interfaces:
- hardware-observe:
- request-type: auto-connection
- reasoning: Without this interface, AppArmor doesn’t allow to read storage hardware. E.g:
- hardware-observe:
Log: apparmor="DENIED" operation="open" profile="snap.smartctl-exporter.smartctl-exporter" name="/sys/devices/pci0000:60/0000:60:03.2/0000:64:00.0/host0/scsi_host/host0/proc_name" pid=7591 comm="smartctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /sys/devices/pci0000:60/0000:60:03.2/0000:64:00.0/host0/scsi_host/host0/proc_name (read)
```
- network-observe:
- request-type: auto-connection
- reasoning: Without this interface, AppArmor doesn’t allow to read network. E.g:
= AppArmor =
Time: Aug 29 13:00:21
Log: apparmor="DENIED" operation="open" profile="snap.smartctl-exporter.smartctl-exporter" name="/proc/7340/net/netstat" pid=7340 comm="smartctl_export" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /proc/7340/net/netstat (read)
Suggestions:
* adjust program to not access '@{PROC}/@{pid}/net/netstat'
* add one of 'firewall-control, network-control, network-observe' to 'plugs
Note : network-observe and hardware-observewere recently added to the snap and block-devices already have auto-connect