Serial-port permissions

Hi guys,

In our snap pycom-firmware-updater we face a problem. In application itself we use a pyserial library. At some point it scans available devices that are connected to your PC, that’s needed cause we are working with IOT devices. During the scanning this lib try to scan some devices(ttySx) that are not allowed by serial-port interface(found that info in this topic Snapd Interfaces: /dev/tty[0-9]+ Read Write). Is there a posibility to fix this problem even with some super-privileged interfaces?

UPDATE.

During futher debugging we found that the exect problem is not with ttySx devices, but with ttyACM0 device. The pyserial library try to get info from file which path is /sys/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2.5. And couldn’t load any info from it. But when you run the exect same app build but without snap wrapping everything is working fine. Can someone pls help with this problem.

you can enable usb-hotplug support on the host, that will give you a serial interface your snap can connect to …

Hi @ogra,

we have tried your solution, but the problem is the same. we also tried to restart snapd and reconect the device.

Result of snap interface serial-port, to be sure that hotplug is working:

name: serial-port

summary: allows accessing a specific serial port

plugs:

• pycom-firmware-updater

slots:

• snapd:expansion3 (allows accessing a specific serial port)

did you connect the interface using snap connect ?

it’s seen in connections of the snap

MicrosoftTeams-image835×447 126 KB

but you did not connect it to the slot …

So i need to add a slots section?

Do the snap with such section need a manual review all the time after upload to the snapstore?

no, you need to use the snap connect ... command t connect the slot of your snap to the plug that hot-plugging created for you … with something like:

sudo snap connect pycom-firmware-updater:serial-port expansion3

(or snapd:expansion3 for the slot …)

@ogra

MicrosoftTeams-image (1)895×410 97.1 KB

can you show the exact errors from the snappy-debug tool when running your application or at least he exact output from dmesg or journalctl ?

also, does the user that runs your tool have full access to the device (note that snap interfaces do not change any system permissions, if you need root/sudo to access a device, you also need root when using a snapped app with it)

App itself don’t need any root privileges.

from

sudo journalctl --output=short --follow --all | sudo snappy-debug

MicrosoftTeams-image (2)1902×272 65.8 KB

Also snappy-debug:

Screenshot from 2022-03-18 16-08-53792×390 29.5 KB

Screenshot from 2022-03-18 16-09-53529×740 74.9 KB

and did you try with sudo ?

@ogra,

Thank you for your support.

A installation for the app with sudo will throw the below error

Which maybe we have to check, but I want to say that if we run the app directly without snap (binaries) [that are downloaded during snap installation] the app work fine and the block is happening from snap side.

Do you think sudo is the solution, or we have to add permissions for that?

we don’t want to ask users for sudo priveleges if it’s not the last chance to start the app. THat’s why we want to deeper understand how to solve different permisions problems we face with our app with snap wrapping

i understand that, i just wanted to know the output, but @ahmad already helped …

first of all try adding the raw-usb plug (and do not forget to connect it), that should allow /sys/devices/pci**/usb[0-9]** r, so it should allow you to read bNumInterfaces if it is user readable (normally the hot-plug connection is enough, but your app seems to additionally poke deep into sysfs to get some extra info)

after connecting raw-usb it’s working fine.

@ogra thx a lot for your time and advices.