Request for kernel-module-control interface for auto-cpufreq

store-requests
1

Hi,

auto-cpufreq project has had snap package for few years now, and with release of 2.2.0, its snap package is in broken state.

Example output:

sudo auto-cpufreq --live           

Using settings defined in /etc/auto-cpufreq.conf file

Note: You can quit live mode by pressing "ctrl+c"
Traceback (most recent call last):
  File "/snap/auto-cpufreq/149/bin/auto-cpufreq", line 8, in <module>
    sys.exit(main())
  File "/snap/auto-cpufreq/149/lib/python3.10/site-packages/click/core.py", line 1157, in __call__
    return self.main(*args, **kwargs)
  File "/snap/auto-cpufreq/149/lib/python3.10/site-packages/click/core.py", line 1078, in main
    rv = self.invoke(ctx)
  File "/snap/auto-cpufreq/149/lib/python3.10/site-packages/click/core.py", line 1434, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/snap/auto-cpufreq/149/lib/python3.10/site-packages/click/core.py", line 783, in invoke
    return __callback(*args, **kwargs)
  File "/snap/auto-cpufreq/149/lib/python3.10/site-packages/auto_cpufreq/bin/auto_cpufreq.py", line 122, in main
    battery_setup()
  File "/snap/auto-cpufreq/149/lib/python3.10/site-packages/auto_cpufreq/battery_scripts/battery.py", line 41, in battery_setup
    if lsmod("thinkpad_acpi"):
  File "/snap/auto-cpufreq/149/lib/python3.10/site-packages/auto_cpufreq/battery_scripts/battery.py", line 10, in lsmod
    output = subprocess.run(
  File "/usr/lib/python3.10/subprocess.py", line 503, in run
    with Popen(*popenargs, **kwargs) as process:
  File "/usr/lib/python3.10/subprocess.py", line 971, in __init__
    self._execute_child(args, executable, preexec_fn, close_fds,
  File "/usr/lib/python3.10/subprocess.py", line 1863, in _execute_child
    raise child_exception_type(errno_num, err_msg, err_filename)
PermissionError: [Errno 13] Permission denied: 'lsmod'

If I install the snap build with --devmode, i.e: sudo snap install auto-cpufreq_2.2.0_amd64.snap --devmode everything works as expected. Hence, based on what I read in this post, I need access to kernel-module-control interface/plug.

Example snapcraft.yaml file with kernel-module-control included:

name: auto-cpufreq
base: core22
summary: Automatic CPU speed & power optimizer for Linux
description: |
  Automatic CPU speed & power optimizer for Linux based on active
  monitoring of laptop's battery state, CPU usage and system load.
  Ultimately allowing you to improve battery life without making
  any compromises.

license: LGPL-3.0
grade: stable
confinement: strict
adopt-info: auto-cpufreq

compression: lzo

architectures:
  - build-on: [amd64]
    build-for: [amd64]
  - build-on: [amd64]
    build-for: [arm64]

parts:
  auto-cpufreq:
    plugin: python
    python-packages:
       - setuptools
       - wheel
       - requests
    build-packages:
       - gcc
       - python3-dev
    stage-packages:
       - coreutils
       - dmidecode
       - pkexec
    source: .
    override-pull: |
      snapcraftctl pull
      snapcraftctl set-version `grep ^version $SNAPCRAFT_PART_SRC/pyproject.toml | sed 's/.*"\(.*\)"/\1/'`

  deploy-scripts:
    plugin: dump
    source: scripts
    organize:
      cpufreqctl.sh: usr/bin/cpufreqctl.auto-cpufreq
      snapdaemon.sh: usr/bin/snapdaemon

  copy-image:
    plugin: dump
    source: images

plugs:
   etc-auto-cpufreq-conf:
    interface: system-files
    write:
    - /etc/auto-cpufreq.conf

apps:
  auto-cpufreq:
    command: bin/auto-cpufreq
    environment:
      PYTHONPATH: $SNAP/usr/lib/python3/site-packages:$SNAP/usr/lib/python3/dist-packages:$PYTHONPATH
      LC_ALL: C.UTF-8
      LANG: C.UTF-8
      PKG_MARKER: SNAP
    plugs:
      - cpu-control
      - system-observe
      - hardware-observe
      - kernel-module-control
      - etc-auto-cpufreq-conf

  auto-cpufreq-gtk:
    command: bin/auto-cpufreq-gtk
    extensions: [gnome]
    environment:
      PYTHONPATH: $SNAP/usr/lib/python3/site-packages:$SNAP/usr/lib/python3/dist-packages:$PYTHONPATH
      LC_ALL: C.UTF-8
      LANG: C.UTF-8
      PKG_MARKER: SNAP
    plugs:
      - cpu-control
      - system-observe
      - hardware-observe
      - kernel-module-control
      - desktop
      - desktop-legacy
      - wayland
      - x11
  service:
    command: usr/bin/snapdaemon
    plugs:
      - cpu-control
      - system-observe
      - hardware-observe
    environment:
      LC_ALL: C.UTF-8
      LANG: C.UTF-8
      PKG_MARKER: SNAP
    daemon: simple

Could you please allow “kernel-module-control” interface for auto-cpufreq so I can publish this updated version to Snap store?

Thank you and looking forward to your reply,

Adnan

2

From what I can see your snap simply needs to see if the thinkpad_acpi module is loaded - in which case kernel-module-observe is a better fit.

3

Right, in that case could I please get an approval for kernel-module-observe plug for auto-cpufreq and will use it instead of kernel-module-control?

Thanks

4

@alexmurray I did some testing, it doesn’t seem like kernel-module-observe will be enough, after connecting it manually I’m still get the same error:

snap connections auto-cpufreq
Interface               Plug                                Slot                            Notes
content[gnome-42-2204]  auto-cpufreq:gnome-42-2204          gnome-42-2204:gnome-42-2204     -
content[gtk-3-themes]   auto-cpufreq:gtk-3-themes           gtk-common-themes:gtk-3-themes  -
content[icon-themes]    auto-cpufreq:icon-themes            gtk-common-themes:icon-themes   -
content[sound-themes]   auto-cpufreq:sound-themes           gtk-common-themes:sound-themes  -
cpu-control             auto-cpufreq:cpu-control            -                               -
desktop                 auto-cpufreq:desktop                :desktop                        -
desktop-legacy          auto-cpufreq:desktop-legacy         :desktop-legacy                 -
gsettings               auto-cpufreq:gsettings              :gsettings                      -
hardware-observe        auto-cpufreq:hardware-observe       -                               -
kernel-module-observe   auto-cpufreq:kernel-module-observe  :kernel-module-observe          manual
opengl                  auto-cpufreq:opengl                 :opengl                         -
system-files            auto-cpufreq:etc-auto-cpufreq-conf  -                               -
system-observe          auto-cpufreq:system-observe         -                               -
wayland                 auto-cpufreq:wayland                :wayland                        -
x11                     auto-cpufreq:x11                    :x11                            -

sudo auto-cpufreq --live     

Using settings defined in /etc/auto-cpufreq.conf file

Note: You can quit live mode by pressing "ctrl+c"

----------------------------------- Warning -----------------------------------

Due to Snap package confinement limitations please consider installing auto-cpufreq using
auto-cpufreq-installer: https://github.com/AdnanHodzic/auto-cpufreq/#auto-cpufreq-installer

Unable to detect state of GNOME Power Profiles daemon service!
This daemon might interfere with auto-cpufreq and should be disabled.

Steps to perform this action using auto-cpufreq: power_helper script:
git clone https://github.com/AdnanHodzic/auto-cpufreq.git
cd auto-cpufreq/auto_cpufreq
python3 power_helper.py --gnome_power_disable

Reference: https://github.com/AdnanHodzic/auto-cpufreq#configuring-auto-cpufreq

----------------------------------- Warning -----------------------------------

Unable to detect if you are using a TLP service!
This daemon might interfere with auto-cpufreq which can lead to unexpected results.
We strongly encourage you not to use TLP unless you really know what you are doing.

-------------------------------------------------------------------------------

PermissionError(13, 'Permission denied')
Linux distro: UNKNOWN distro UNKNOWN version
Linux kernel: 6.5.0-17-generic
Processor: Intel(R) Core(TM) i7-8565U CPU @ 1.80GHz
Cores: 8
Architecture: x86_64
Driver: intel_pstate

------------------------------ Current CPU stats ------------------------------

CPU max frequency: 1800 MHz
CPU min frequency: 400 MHz

Core	Usage	Temperature	Frequency
CPU0      2.0%       nan °C       700 MHz
CPU1      6.1%       nan °C       700 MHz
CPU2      1.0%       nan °C       400 MHz
CPU3      4.1%       nan °C       700 MHz
CPU4      1.0%       nan °C       700 MHz
CPU5      9.8%       nan °C       400 MHz
CPU6      1.0%       nan °C       700 MHz
CPU7      1.0%       nan °C       700 MHz

---------------------------- CPU frequency scaling ----------------------------

Traceback (most recent call last):
  File "/snap/auto-cpufreq/x1/bin/auto-cpufreq", line 8, in <module>
    sys.exit(main())
  File "/snap/auto-cpufreq/x1/lib/python3.10/site-packages/click/core.py", line 1157, in __call__
    return self.main(*args, **kwargs)
  File "/snap/auto-cpufreq/x1/lib/python3.10/site-packages/click/core.py", line 1078, in main
    rv = self.invoke(ctx)
  File "/snap/auto-cpufreq/x1/lib/python3.10/site-packages/click/core.py", line 1434, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/snap/auto-cpufreq/x1/lib/python3.10/site-packages/click/core.py", line 783, in invoke
    return __callback(*args, **kwargs)
  File "/snap/auto-cpufreq/x1/lib/python3.10/site-packages/auto_cpufreq/bin/auto_cpufreq.py", line 139, in main
    set_autofreq()
  File "/snap/auto-cpufreq/x1/lib/python3.10/site-packages/auto_cpufreq/core.py", line 1130, in set_autofreq
    elif charging():
  File "/snap/auto-cpufreq/x1/lib/python3.10/site-packages/auto_cpufreq/core.py", line 315, in charging
    with open(Path(power_supply_path + supply + "/type")) as f:
PermissionError: [Errno 13] Permission denied: '/sys/class/power_supply/AC/type'

Even by manually connecting kernel-module-control it still fails:

snap connections auto-cpufreq
Interface               Plug                                Slot                            Notes
content[gnome-42-2204]  auto-cpufreq:gnome-42-2204          gnome-42-2204:gnome-42-2204     -
content[gtk-3-themes]   auto-cpufreq:gtk-3-themes           gtk-common-themes:gtk-3-themes  -
content[icon-themes]    auto-cpufreq:icon-themes            gtk-common-themes:icon-themes   -
content[sound-themes]   auto-cpufreq:sound-themes           gtk-common-themes:sound-themes  -
cpu-control             auto-cpufreq:cpu-control            -                               -
desktop                 auto-cpufreq:desktop                :desktop                        -
desktop-legacy          auto-cpufreq:desktop-legacy         :desktop-legacy                 -
gsettings               auto-cpufreq:gsettings              :gsettings                      -
hardware-observe        auto-cpufreq:hardware-observe       -                               -
kernel-module-control   auto-cpufreq:kernel-module-control  :kernel-module-control          manual
opengl                  auto-cpufreq:opengl                 :opengl                         -
system-files            auto-cpufreq:etc-auto-cpufreq-conf  -                               -
system-observe          auto-cpufreq:system-observe         -                               -
wayland                 auto-cpufreq:wayland                :wayland                        -
x11                     auto-cpufreq:x11                    :x11                            -


sudo auto-cpufreq --live

Using settings defined in /etc/auto-cpufreq.conf file

Note: You can quit live mode by pressing "ctrl+c"

----------------------------------- Warning -----------------------------------

Due to Snap package confinement limitations please consider installing auto-cpufreq using
auto-cpufreq-installer: https://github.com/AdnanHodzic/auto-cpufreq/#auto-cpufreq-installer

Unable to detect state of GNOME Power Profiles daemon service!
This daemon might interfere with auto-cpufreq and should be disabled.

Steps to perform this action using auto-cpufreq: power_helper script:
git clone https://github.com/AdnanHodzic/auto-cpufreq.git
cd auto-cpufreq/auto_cpufreq
python3 power_helper.py --gnome_power_disable

Reference: https://github.com/AdnanHodzic/auto-cpufreq#configuring-auto-cpufreq

----------------------------------- Warning -----------------------------------

Unable to detect if you are using a TLP service!
This daemon might interfere with auto-cpufreq which can lead to unexpected results.
We strongly encourage you not to use TLP unless you really know what you are doing.

-------------------------------------------------------------------------------

PermissionError(13, 'Permission denied')
Linux distro: UNKNOWN distro UNKNOWN version
Linux kernel: 6.5.0-17-generic
Processor: Intel(R) Core(TM) i7-8565U CPU @ 1.80GHz
Cores: 8
Architecture: x86_64
Driver: intel_pstate

------------------------------ Current CPU stats ------------------------------

CPU max frequency: 1800 MHz
CPU min frequency: 400 MHz

Core	Usage	Temperature	Frequency
CPU0      5.2%       nan °C       400 MHz
CPU1      7.0%       nan °C       600 MHz
CPU2      1.0%       nan °C       700 MHz
CPU3      5.0%       nan °C       700 MHz
CPU4      5.1%       nan °C       699 MHz
CPU5      1.0%       nan °C       400 MHz
CPU6      5.1%       nan °C       700 MHz
CPU7      3.1%       nan °C       400 MHz

---------------------------- CPU frequency scaling ----------------------------

Traceback (most recent call last):
  File "/snap/auto-cpufreq/x1/bin/auto-cpufreq", line 8, in <module>
    sys.exit(main())
  File "/snap/auto-cpufreq/x1/lib/python3.10/site-packages/click/core.py", line 1157, in __call__
    return self.main(*args, **kwargs)
  File "/snap/auto-cpufreq/x1/lib/python3.10/site-packages/click/core.py", line 1078, in main
    rv = self.invoke(ctx)
  File "/snap/auto-cpufreq/x1/lib/python3.10/site-packages/click/core.py", line 1434, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/snap/auto-cpufreq/x1/lib/python3.10/site-packages/click/core.py", line 783, in invoke
    return __callback(*args, **kwargs)
  File "/snap/auto-cpufreq/x1/lib/python3.10/site-packages/auto_cpufreq/bin/auto_cpufreq.py", line 139, in main
    set_autofreq()
  File "/snap/auto-cpufreq/x1/lib/python3.10/site-packages/auto_cpufreq/core.py", line 1130, in set_autofreq
    elif charging():
  File "/snap/auto-cpufreq/x1/lib/python3.10/site-packages/auto_cpufreq/core.py", line 315, in charging
    with open(Path(power_supply_path + supply + "/type")) as f:
PermissionError: [Errno 13] Permission denied: '/sys/class/power_supply/AC/type'

Even after manually connecting both kernel-module-control & kernel-module-observer I’m still getting the same error.

sudo snap install auto-cpufreq_2.2.0_amd64.snap --dangerous
auto-cpufreq 2.2.0 installed

sudo snap connect auto-cpufreq:kernel-module-control       
sudo snap connect auto-cpufreq:kernel-module-observe
                                                                                                                                                                                                        
snap connections auto-cpufreq       
                
Interface               Plug                                Slot                            Notes
content[gnome-42-2204]  auto-cpufreq:gnome-42-2204          gnome-42-2204:gnome-42-2204     -
content[gtk-3-themes]   auto-cpufreq:gtk-3-themes           gtk-common-themes:gtk-3-themes  -
content[icon-themes]    auto-cpufreq:icon-themes            gtk-common-themes:icon-themes   -
content[sound-themes]   auto-cpufreq:sound-themes           gtk-common-themes:sound-themes  -
cpu-control             auto-cpufreq:cpu-control            -                               -
desktop                 auto-cpufreq:desktop                :desktop                        -
desktop-legacy          auto-cpufreq:desktop-legacy         :desktop-legacy                 -
gsettings               auto-cpufreq:gsettings              :gsettings                      -
hardware-observe        auto-cpufreq:hardware-observe       -                               -
kernel-module-control   auto-cpufreq:kernel-module-control  :kernel-module-control          manual
kernel-module-observe   auto-cpufreq:kernel-module-observe  :kernel-module-observe          manual
opengl                  auto-cpufreq:opengl                 :opengl                         -
system-files            auto-cpufreq:etc-auto-cpufreq-conf  -                               -
system-observe          auto-cpufreq:system-observe         -                               -
wayland                 auto-cpufreq:wayland                :wayland                        -
x11                     auto-cpufreq:x11                    :x11                            -
 ahodzic@carbon7  ~/code/auto-cpufreq  ↰ master ±  sudo auto-cpufreq --live                            

Using settings defined in /etc/auto-cpufreq.conf file

Note: You can quit live mode by pressing "ctrl+c"

----------------------------------- Warning -----------------------------------

Due to Snap package confinement limitations please consider installing auto-cpufreq using
auto-cpufreq-installer: https://github.com/AdnanHodzic/auto-cpufreq/#auto-cpufreq-installer

Unable to detect state of GNOME Power Profiles daemon service!
This daemon might interfere with auto-cpufreq and should be disabled.

Steps to perform this action using auto-cpufreq: power_helper script:
git clone https://github.com/AdnanHodzic/auto-cpufreq.git
cd auto-cpufreq/auto_cpufreq
python3 power_helper.py --gnome_power_disable

Reference: https://github.com/AdnanHodzic/auto-cpufreq#configuring-auto-cpufreq

----------------------------------- Warning -----------------------------------

Unable to detect if you are using a TLP service!
This daemon might interfere with auto-cpufreq which can lead to unexpected results.
We strongly encourage you not to use TLP unless you really know what you are doing.

-------------------------------------------------------------------------------

PermissionError(13, 'Permission denied')
Linux distro: UNKNOWN distro UNKNOWN version
Linux kernel: 6.5.0-17-generic
Processor: Intel(R) Core(TM) i7-8565U CPU @ 1.80GHz
Cores: 8
Architecture: x86_64
Driver: intel_pstate

------------------------------ Current CPU stats ------------------------------

CPU max frequency: 800 MHz
CPU min frequency: 400 MHz

Core	Usage	Temperature	Frequency
CPU0      8.1%       nan °C       800 MHz
CPU1      5.0%       nan °C       800 MHz
CPU2      9.1%       nan °C       800 MHz
CPU3      3.1%       nan °C       800 MHz
CPU4      2.0%       nan °C       800 MHz
CPU5      2.0%       nan °C       800 MHz
CPU6      3.0%       nan °C       800 MHz
CPU7      3.0%       nan °C       800 MHz

---------------------------- CPU frequency scaling ----------------------------

Traceback (most recent call last):
  File "/snap/auto-cpufreq/x1/bin/auto-cpufreq", line 8, in <module>
    sys.exit(main())
  File "/snap/auto-cpufreq/x1/lib/python3.10/site-packages/click/core.py", line 1157, in __call__
    return self.main(*args, **kwargs)
  File "/snap/auto-cpufreq/x1/lib/python3.10/site-packages/click/core.py", line 1078, in main
    rv = self.invoke(ctx)
  File "/snap/auto-cpufreq/x1/lib/python3.10/site-packages/click/core.py", line 1434, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/snap/auto-cpufreq/x1/lib/python3.10/site-packages/click/core.py", line 783, in invoke
    return __callback(*args, **kwargs)
  File "/snap/auto-cpufreq/x1/lib/python3.10/site-packages/auto_cpufreq/bin/auto_cpufreq.py", line 139, in main
    set_autofreq()
  File "/snap/auto-cpufreq/x1/lib/python3.10/site-packages/auto_cpufreq/core.py", line 1130, in set_autofreq
    elif charging():
  File "/snap/auto-cpufreq/x1/lib/python3.10/site-packages/auto_cpufreq/core.py", line 315, in charging
    with open(Path(power_supply_path + supply + "/type")) as f:
PermissionError: [Errno 13] Permission denied: '/sys/class/power_supply/AC/type'

Again, if I make the changes using --devmode everything works as expected.

Of course, full source code is available on: https://github.com/AdnanHodzic/auto-cpufreq/ and these are 2.2.0 changes: https://github.com/AdnanHodzic/auto-cpufreq/releases

5

That is definitely not related to any module loading … does snappy-debug report anything here ?

6

This is the output when I run auto-cpufreq --live when installed with --dangerous and manually connected plugs I mentioned in last post.

sudo snappy-debug
INFO: Following '/var/log/syslog'. If have dropped messages, use:
INFO: $ sudo journalctl --output=short --follow --all | sudo snappy-debug
kernel.printk_ratelimit = 0
= AppArmor =
Time: 2024-02-17T16:1
Log: apparmor="DENIED" operation="open" class="file" profile="snap.auto-cpufreq.auto-cpufreq" name="/sys/devices/virtual/thermal/thermal_zone0/hwmon1/temp1_input" pid=551018 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /sys/devices/virtual/thermal/thermal_zone0/hwmon1/temp1_input (read)
Suggestions:
* adjust program to not access '/sys/devices/virtual/thermal/thermal_zone0/hwmon1/temp1_input'
* adjust program to not access '/sys/devices/virtual/thermal/thermal_zone[0-9]*/hwmon[0-9]*/temp[0-9]*_input'

= AppArmor =
Time: 2024-02-17T16:1
Log: apparmor="DENIED" operation="open" class="file" profile="snap.auto-cpufreq.auto-cpufreq" name="/sys/devices/pci0000:00/0000:00:1d.0/0000:03:00.0/nvme/nvme0/hwmon3/temp1_input" pid=551018 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /sys/devices/pci0000:00/0000:00:1d.0/0000:03:00.0/nvme/nvme0/hwmon3/temp1_input (read)
Suggestions:
* adjust program to not access '/sys/devices/pci0000:00/0000:00:1d.0/0000:03:00.0/nvme/nvme0/hwmon3/temp1_input'
* adjust program to not access '/sys/devices/pci[0-9]*:[0-9]*/[0-9]*:[0-9]*:[0-9]*d.[0-9]*/[0-9]*:[0-9]*:[0-9]*.[0-9]*/nvme/nvme[0-9]*/hwmon[0-9]*/temp[0-9]*_input'

= AppArmor =
Time: 2024-02-17T16:1
Log: apparmor="DENIED" operation="open" class="file" profile="snap.auto-cpufreq.auto-cpufreq" name="/sys/devices/virtual/thermal/thermal_zone4/hwmon6/temp1_input" pid=551018 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /sys/devices/virtual/thermal/thermal_zone4/hwmon6/temp1_input (read)
Suggestions:
* adjust program to not access '/sys/devices/virtual/thermal/thermal_zone4/hwmon6/temp1_input'
* adjust program to not access '/sys/devices/virtual/thermal/thermal_zone[0-9]*/hwmon[0-9]*/temp[0-9]*_input'

= AppArmor =
Time: 2024-02-17T16:1
Log: apparmor="DENIED" operation="open" class="file" profile="snap.auto-cpufreq.auto-cpufreq" name="/sys/devices/platform/coretemp.0/hwmon/hwmon7/temp1_input" pid=551018 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /sys/devices/platform/coretemp.0/hwmon/hwmon7/temp1_input (read)
Suggestions:
* adjust program to not access '/sys/devices/platform/coretemp.0/hwmon/hwmon7/temp1_input'
* adjust program to not access '/sys/devices/platform/coretemp.[0-9]*/hwmon/hwmon[0-9]*/temp[0-9]*_input'

= AppArmor =
Time: 2024-02-17T16:1
Log: apparmor="DENIED" operation="open" class="file" profile="snap.auto-cpufreq.auto-cpufreq" name="/sys/devices/platform/coretemp.0/hwmon/hwmon7/temp2_input" pid=551018 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /sys/devices/platform/coretemp.0/hwmon/hwmon7/temp2_input (read)
Suggestions:
* adjust program to not access '/sys/devices/platform/coretemp.0/hwmon/hwmon7/temp2_input'
* adjust program to not access '/sys/devices/platform/coretemp.[0-9]*/hwmon/hwmon[0-9]*/temp[0-9]*_input'

= AppArmor =
Time: 2024-02-17T16:1
Log: apparmor="DENIED" operation="open" class="file" profile="snap.auto-cpufreq.auto-cpufreq" name="/sys/devices/platform/coretemp.0/hwmon/hwmon7/temp3_input" pid=551018 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /sys/devices/platform/coretemp.0/hwmon/hwmon7/temp3_input (read)
Suggestions:
* adjust program to not access '/sys/devices/platform/coretemp.0/hwmon/hwmon7/temp3_input'
* adjust program to not access '/sys/devices/platform/coretemp.[0-9]*/hwmon/hwmon[0-9]*/temp[0-9]*_input'

= AppArmor =
Time: 2024-02-17T16:1
Log: apparmor="DENIED" operation="open" class="file" profile="snap.auto-cpufreq.auto-cpufreq" name="/sys/devices/platform/coretemp.0/hwmon/hwmon7/temp4_input" pid=551018 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /sys/devices/platform/coretemp.0/hwmon/hwmon7/temp4_input (read)
Suggestions:
* adjust program to not access '/sys/devices/platform/coretemp.0/hwmon/hwmon7/temp4_input'
* adjust program to not access '/sys/devices/platform/coretemp.[0-9]*/hwmon/hwmon[0-9]*/temp[0-9]*_input'

= AppArmor =
Time: 2024-02-17T16:1
Log: apparmor="DENIED" operation="open" class="file" profile="snap.auto-cpufreq.auto-cpufreq" name="/sys/devices/platform/coretemp.0/hwmon/hwmon7/temp5_input" pid=551018 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /sys/devices/platform/coretemp.0/hwmon/hwmon7/temp5_input (read)
Suggestions:
* adjust program to not access '/sys/devices/platform/coretemp.0/hwmon/hwmon7/temp5_input'
* adjust program to not access '/sys/devices/platform/coretemp.[0-9]*/hwmon/hwmon[0-9]*/temp[0-9]*_input'

= AppArmor =
Time: 2024-02-17T16:1
Log: apparmor="DENIED" operation="open" class="file" profile="snap.auto-cpufreq.auto-cpufreq" name="/sys/devices/virtual/thermal/thermal_zone7/hwmon8/temp1_input" pid=551018 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /sys/devices/virtual/thermal/thermal_zone7/hwmon8/temp1_input (read)
Suggestions:
* adjust program to not access '/sys/devices/virtual/thermal/thermal_zone7/hwmon8/temp1_input'
* adjust program to not access '/sys/devices/virtual/thermal/thermal_zone[0-9]*/hwmon[0-9]*/temp[0-9]*_input'

= AppArmor =
Time: 2024-02-17T16:1
Log: apparmor="DENIED" operation="open" class="file" profile="snap.auto-cpufreq.auto-cpufreq" name="/sys/devices/platform/thinkpad_hwmon/hwmon/hwmon9/temp1_input" pid=551018 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /sys/devices/platform/thinkpad_hwmon/hwmon/hwmon9/temp1_input (read)
Suggestions:
* adjust program to not access '/sys/devices/platform/thinkpad_hwmon/hwmon/hwmon9/temp1_input'
* adjust program to not access '/sys/devices/platform/thinkpad_hwmon/hwmon/hwmon[0-9]*/temp[0-9]*_input'

= AppArmor =
Time: 2024-02-17T16:1
Log: apparmor="DENIED" operation="open" class="file" profile="snap.auto-cpufreq.auto-cpufreq" name="/sys/devices/platform/thinkpad_hwmon/hwmon/hwmon9/temp2_input" pid=551018 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /sys/devices/platform/thinkpad_hwmon/hwmon/hwmon9/temp2_input (read)
Suggestions:
* adjust program to not access '/sys/devices/platform/thinkpad_hwmon/hwmon/hwmon9/temp2_input'
* adjust program to not access '/sys/devices/platform/thinkpad_hwmon/hwmon/hwmon[0-9]*/temp[0-9]*_input'

= AppArmor =
Time: 2024-02-17T16:1
Log: apparmor="DENIED" operation="open" class="file" profile="snap.auto-cpufreq.auto-cpufreq" name="/sys/devices/platform/thinkpad_hwmon/hwmon/hwmon9/temp3_input" pid=551018 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /sys/devices/platform/thinkpad_hwmon/hwmon/hwmon9/temp3_input (read)
Suggestions:
* adjust program to not access '/sys/devices/platform/thinkpad_hwmon/hwmon/hwmon9/temp3_input'
* adjust program to not access '/sys/devices/platform/thinkpad_hwmon/hwmon/hwmon[0-9]*/temp[0-9]*_input'

= AppArmor =
Time: 2024-02-17T16:1
Log: apparmor="DENIED" operation="open" class="file" profile="snap.auto-cpufreq.auto-cpufreq" name="/sys/devices/platform/thinkpad_hwmon/hwmon/hwmon9/temp4_input" pid=551018 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /sys/devices/platform/thinkpad_hwmon/hwmon/hwmon9/temp4_input (read)
Suggestions:
* adjust program to not access '/sys/devices/platform/thinkpad_hwmon/hwmon/hwmon9/temp4_input'
* adjust program to not access '/sys/devices/platform/thinkpad_hwmon/hwmon/hwmon[0-9]*/temp[0-9]*_input'

= AppArmor =
Time: 2024-02-17T16:1
Log: apparmor="DENIED" operation="open" class="file" profile="snap.auto-cpufreq.auto-cpufreq" name="/sys/devices/platform/thinkpad_hwmon/hwmon/hwmon9/temp5_input" pid=551018 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /sys/devices/platform/thinkpad_hwmon/hwmon/hwmon9/temp5_input (read)
Suggestions:
* adjust program to not access '/sys/devices/platform/thinkpad_hwmon/hwmon/hwmon9/temp5_input'
* adjust program to not access '/sys/devices/platform/thinkpad_hwmon/hwmon/hwmon[0-9]*/temp[0-9]*_input'

= AppArmor =
Time: 2024-02-17T16:1
Log: apparmor="DENIED" operation="open" class="file" profile="snap.auto-cpufreq.auto-cpufreq" name="/sys/devices/platform/thinkpad_hwmon/hwmon/hwmon9/temp6_input" pid=551018 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /sys/devices/platform/thinkpad_hwmon/hwmon/hwmon9/temp6_input (read)
Suggestions:
* adjust program to not access '/sys/devices/platform/thinkpad_hwmon/hwmon/hwmon9/temp6_input'
* adjust program to not access '/sys/devices/platform/thinkpad_hwmon/hwmon/hwmon[0-9]*/temp[0-9]*_input'

= AppArmor =
Time: 2024-02-17T16:1
Log: apparmor="DENIED" operation="open" class="file" profile="snap.auto-cpufreq.auto-cpufreq" name="/sys/devices/platform/thinkpad_hwmon/hwmon/hwmon9/temp7_input" pid=551018 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /sys/devices/platform/thinkpad_hwmon/hwmon/hwmon9/temp7_input (read)
Suggestions:
* adjust program to not access '/sys/devices/platform/thinkpad_hwmon/hwmon/hwmon9/temp7_input'
* adjust program to not access '/sys/devices/platform/thinkpad_hwmon/hwmon/hwmon[0-9]*/temp[0-9]*_input'

= AppArmor =
Time: 2024-02-17T16:1
Log: apparmor="DENIED" operation="open" class="file" profile="snap.auto-cpufreq.auto-cpufreq" name="/sys/devices/platform/thinkpad_hwmon/hwmon/hwmon9/temp8_input" pid=551018 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /sys/devices/platform/thinkpad_hwmon/hwmon/hwmon9/temp8_input (read)
Suggestions:
* adjust program to not access '/sys/devices/platform/thinkpad_hwmon/hwmon/hwmon9/temp8_input'
* adjust program to not access '/sys/devices/platform/thinkpad_hwmon/hwmon/hwmon[0-9]*/temp[0-9]*_input'

= AppArmor =
Time: 2024-02-17T16:1
Log: apparmor="DENIED" operation="open" class="file" profile="snap.auto-cpufreq.auto-cpufreq" name="/sys/devices/platform/thinkpad_hwmon/hwmon/hwmon9/fan1_input" pid=551018 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /sys/devices/platform/thinkpad_hwmon/hwmon/hwmon9/fan1_input (read)
Suggestions:
* adjust program to not access '/sys/devices/platform/thinkpad_hwmon/hwmon/hwmon9/fan1_input'
* adjust program to not access '/sys/devices/platform/thinkpad_hwmon/hwmon/hwmon[0-9]*/fan[0-9]*_input'

= AppArmor =
Time: 2024-02-17T16:1
Log: apparmor="DENIED" operation="open" class="file" profile="snap.auto-cpufreq.auto-cpufreq" name="/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:19/PNP0C09:00/ACPI0003:00/power_supply/AC/type" pid=551018 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:19/PNP0C09:00/ACPI0003:00/power_supply/AC/type (read)
Suggestions:
* adjust program to not access '/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:19/PNP0C09:00/ACPI0003:00/power_supply/AC/type'
* adjust program to not access '/sys/devices/LNXSYSTM:[0-9]*/LNXSYBUS:[0-9]*/PNP[0-9]*A[0-9]*:[0-9]*/device:[0-9]*/PNP[0-9]*C[0-9]*:[0-9]*/ACPI[0-9]*:[0-9]*/power_supply/AC/type'

= AppArmor =
Time: 2024-02-17T16:1
Log: apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.discord.discord" pid=6594 comm="Utils" requested_mask="read" denied_mask="read" peer="unconfined"
Ptrace: peer=unconfined (read)
Suggestions:
* add 'system-observe' to 'plugs'
* do nothing if program otherwise works properly

= AppArmor =
Time: 2024-02-17T16:1
Log: apparmor="DENIED" operation="open" class="file" profile="snap.discord.discord" name="/proc/3887/cmdline" pid=6594 comm="Utils" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /proc/3887/cmdline (read)
Suggestion:
* adjust program to not access '@{PROC}/@{pid}/cmdline'

= AppArmor =
Time: 2024-02-17T16:1
Log: apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.discord.discord" pid=6594 comm="Utils" requested_mask="read" denied_mask="read" peer="unconfined"
Ptrace: peer=unconfined (read)
Suggestions:
* add 'system-observe' to 'plugs'
* do nothing if program otherwise works properly

= AppArmor =
Time: 2024-02-17T16:1
Log: apparmor="DENIED" operation="open" class="file" profile="snap.discord.discord" name="/proc/4081/cmdline" pid=6594 comm="Utils" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
File: /proc/4081/cmdline (read)
Suggestion:
* adjust program to not access '@{PROC}/@{pid}/cmdline'

= AppArmor =
Time: 2024-02-17T16:1
Log: apparmor="DENIED" operation="ptrace" class="ptrace" profile="snap.discord.discord" pid=6594 comm="Utils" requested_mask="read" denied_mask="read" peer="unconfined"
Ptrace: peer=unconfined (read)
Suggestions:
* add 'system-observe' to 'plugs'
* do nothing if program otherwise works properly
...

It almost goes into loop so I stopped it there (ctrl +c)

7

/sys/devices/virtual/thermal/thermal_zone0/hwmon1/temp1_input should be accessible via hardware-observe since hardware-observe provided full recursive read access to /sys/devices/

Are you sure this is connected?

Also the previous error for /sys/class/power_supply/AC/type is not related to kernel modules - and as you say even connecting both kernel-module-control and kernel-module-observe doesn’t make any difference - so please remove kernel-module-control.

Also again hardware-observe should already provide read access to /sys/class/* - so unless you are trying to write to this file it should not be getting denied.

Can you provide more details on what exactly auto-cpufreq is doing?

8

I think that’s the problem then as auto-cpufreq will need write access to /sys/class/power_supply/ because that’s the path the ACPI modules expose to read and set values, as without it auto-cpufreq won’t be able to set battery charges thresholds.

This is the new feature that has been released with v2.2.0 which you can read more about here.

9

we might need to add this to the power-control interface if the security team considers it safe there …

https://github.com/snapcore/snapd/blob/master/interfaces/builtin/power_control.go

10

The existing AppArmor accesses in power-control is more focused seemingly on the power attributes for particular devices - whereas in this case it is more about the power supply of the system itself - ALTHOUGH the description is “allows setting system power settings” - which would appear to include things as per /sys/class/power_supply - so I would not be opposed to increasing the scope of the existing power-control interface to include this.

@ahodzic would you be interested in sending a PR for snapd to try and include the required access to the existing power-control interface?

11

@alexmurray just to clarify, are you suggesting I make a PR or a request for snapd to include the required access?

12

@ahodzic yes, as your snap needs this access it is best placed to test it as well so I think it would make sense (if you are able) to send a PR.

Assuming this gets merged this would also make a good case for granting the use of system-files here in the meantime before a stable version of snapd is released which supports the new addition to power-control.

13

@alexmurray I’ll try to find time to do this, as it does sound interesting. To help me get started, do you (or anyone else) know of any similar PR’s that implement request to other interfaces? Just something I could use for a reference in this process.

14

Sure - even the most recent change to that interface itself should serve as a reasonable starting point https://github.com/snapcore/snapd/pull/11404

15

@ahodzic ,

Did this help?

Let us know if you have any question and if you are ok with the time it might take to have this available in a future snapd release.

Thanks!

16

Hi @emitorino I apologize for my delayed reply, as I was quite busy and didn’t get a chance to look into this/create this PR before.

I’ve made a Add paths for battery charging thresholds to hardware-observe interface #13722 snapd PR request.

However, PR failed on CLA check, because I didn’t fill out the Contributor agreement form. Which I did do afterwards as individual contributor and since I didn’t know what to fill out in “Please add the Canonical Project Manager or contact” field I put your name here @alexmurray, hope that’s okay? Please note I made this same comment in the PR itself.

Either way, any pointers from either of you two would be greatly appreciated! Thanks

1 Like
17

I think adding @alexmurray as your Canonical contact is correct. I also see interactions in the PR (including some issues you are trying to figure out) so everything should be moving fw.

1 Like
18

Fwiw, when I signed the CLA as an individual, I just put “N/A” as the Canonical contact and never had a problem. There might be a more specific process for commercial entities, but for individual contributions it was accepted just fine and hasn’t been a problem for me personally.