/run/snapd.socket in layout

I need to use /run/snapd.socket to communicate with snapd via snapd-glib to set / get core watchdog timeout values. But I get an error on doing so:

= AppArmor =
Time: Apr 25 14:00:10
Log: apparmor="DENIED" operation="connect" profile="snap.hw.wtdog.runner" name="/run/snapd.socket" pid=1605 comm="setpet" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
File: /run/snapd.socket (write)
Suggestions:
* adjust program to use $SNAP_DATA
* adjust program to use /run/shm/snap.$SNAP_NAME.*
* adjust program to use /run/snap.$SNAP_NAME.*
* adjust snap to use snap layouts (https://forum.snapcraft.io/t/snap-layouts/7207)

Although snappy-debug suggests using a layout for /run/snapd.socket, Snap layouts says that anything under path /run cannot be used in a layout:

I still gave a try using:

layout:
    /run/snapd.socket:
        symlink: $SNAP_DATA/snapd.socket

but got an error during priming of snap

error: cannot validate snap "hw.wtdog": layout "/run/snapd.socket" in an off-limits area

What is the way out of this?

As I told you in another thread before, you need to use the snapd-control interface, which requires a fully enabled brand store.

The snap needs to be uploaded to that store (which will make it automatically go into manual review) and a commercial support ticket needs to be filed (you should have gotten the correct support URLs for this in your onboarding document from your project manager) to have a store team employee add the snapd-control interface exception to the snap declaration of the snap.

Yes, I am trying this on a brand store app. Just that instead of pushing to the store and then testing, I was trying this locally first and followed what snappy debug suggested to do.

But, with snapd-control I am able to set "runtime-timeout": "160s" and "shutdown-timeout": "450s" at a periodicity of 100 seconds using a service in the snap. But even then the device reboots after 10 minutes with the following message.

Read TcoWatchdogTimerStatus:1
Write and Read TcoWatchdogTimerStatus:3

Also, snap get core watchdog returns empty o/p

well … there is

so you should trigger a reboot after setting the config until this is fixed …

The bug you have pointed out is about command snap set core watchdog <timeout> which needs to be given at host prompt like any other snap command.

What I am trying to do is set the watchdog timeout values in a service of a snap using snapctl

snapcraft.yaml

apps:
    runner:
        command: '$SNAP/usr/bin/setpet'
        daemon: simple
        passthrough:
            # Run every 1 minutes
            timer: 0:00-24:00/1440
        plugs: [snapd-control]

setpet.c

/* Connect to snapd over /run/snapd.socket. */
snapd_client_set_socket_path (client, "/run/snapd.socket");
/* Runs: snapctl set watchdog.runtime-timeout=2m */
args = g_strsplit ("set;watchdog.runtime-timeout=2m", ";", -1);
result = snapd_client_run_snapctl_sync (client, ctx, args, &stdout_output, &stderr_output, NULL, &error);
g_assert_no_error (error);
g_assert_true (result);
g_strfreev (args); /* release the argument vector before reusing args */

snapd_client_set_socket_path (client, "/run/snapd.socket");
/* Runs: snapctl set watchdog.shutdown-timeout=8m */
args = g_strsplit ("set;watchdog.shutdown-timeout=8m", ";", -1);
result = snapd_client_run_snapctl_sync (client, ctx, args, &stdout_output, &stderr_output, NULL, &error);
g_assert_no_error (error);
g_assert_true (result);
g_strfreev (args);

Although the above daemon is running every 1 min and petting the watchdog, the device reboots after every 10 min and the cycle continues.

/etc/systemd/system.conf.d/10-snapd-watchdog.conf stays empty no matter what. I see it gets written only with snap set core watchdog <> command which I do not want to do. For reference and understanding please find logs below before and after running snap set core watchdog <>

test1@localhost:~$ cat /etc/systemd/system.conf.d/10-snapd-watchdog.conf
cat: /etc/systemd/system.conf.d/10-snapd-watchdog.conf: No such file or directory
test1@localhost:~$
test1@localhost:~$ snap get core watchdog
Key  Value
test1@localhost:~$
test1@localhost:~$ snap set core watchdog runtime.timeout=2m
error: invalid configuration: "watchdog" (want key=value)
test1@localhost:~$
test1@localhost:~$ snap set core watchdog.runtime-timeout=2m
test1@localhost:~$
test1@localhost:~$ cat /etc/systemd/system.conf.d/10-snapd-watchdog.conf
[Manager]
RuntimeWatchdogSec=120
test1@localhost:~$
test1@localhost:~$ snap get core watchdog
Key                       Value
watchdog.runtime-timeout  3m
test1@localhost:~$

snapctl and snap set are identical calls for the same backend code … the bug is in the interaction with systemd, regardless if the value is set, systemd won't pick it up unless you reboot …

Understood. But, if that’s the case not sure why I see 10-snapd-watchdog.conf file populated properly only when set with snap set command but not snapctl

I did reboot from command line but does not help. After booting back it reboots again after every 10th min.
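
The terminal session in this thread shows the drop-in holding RuntimeWatchdogSec=120 while snap get reports 3m. As an added example (not part of any post in the thread), this shell check compares the two values; the function names are made up for illustration, and it assumes single-unit durations (s, m, h) and integer seconds in the drop-in.

```shell
#!/bin/sh
# Added example: sample data is constructed; function names are illustrative.

# Convert a snapd-style duration ("2m", "160s", "1h" or bare seconds) to seconds.
# Assumption: one integer with at most one unit; anything else is rejected.
to_seconds() {
    num=${1%[smh]}
    unit=${1#"$num"}
    case "$num" in ''|*[!0-9]*) return 1 ;; esac
    case "$unit" in
        h) echo $((num * 3600)) ;;
        m) echo $((num * 60)) ;;
        *) echo "$num" ;;
    esac
}

# Print the integer value of key $2 in systemd drop-in $1 (last entry wins).
dropin_seconds() {
    [ -r "$1" ] || return 1
    sed -n "s/^$2=\([0-9][0-9]*\)\$/\1/p" "$1" | tail -n 1
}

# check_watchdog <value reported by snap get> <drop-in path>
# Prints a verdict; returns 0 on match, 1 on missing/mismatch, 2 on bad input.
check_watchdog() {
    want=$(to_seconds "$1") || { echo "unparsable: $1"; return 2; }
    have=$(dropin_seconds "$2" RuntimeWatchdogSec) || have=""
    if [ -z "$have" ]; then
        echo "missing: no RuntimeWatchdogSec in $2"
        return 1
    fi
    if [ "$want" -eq "$have" ]; then
        echo "match: ${want}s"
        return 0
    fi
    echo "mismatch: snapd=${want}s drop-in=${have}s"
    return 1
}

# Constructed sample mirroring the drop-in shown in the thread.
sample=$(mktemp)
printf '[Manager]\nRuntimeWatchdogSec=120\n' > "$sample"
check_watchdog 2m "$sample" || true
check_watchdog 3m "$sample" || true
check_watchdog 2m /nonexistent/10-snapd-watchdog.conf || true
rm -f "$sample"
# On a device: check_watchdog "$(snap get core watchdog.runtime-timeout)" \
#     /etc/systemd/system.conf.d/10-snapd-watchdog.conf
```

A "missing" verdict corresponds to the empty drop-in described for the snapctl path, and a "mismatch" to the 120 versus 3m state in the transcript.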