It looks like that doing a disable/enable on a snap with gpio plugs fails on enable: gpio are not exported before security profiles update.
If gpio is exported manually before snap enable, issue is not seen: sudo echo 192 > /sys/class/gpio/export
vtinelli@fe014e5031585858581367183b0483df:~$ snap disable private-snap
private-snap disabled
vtinelli@fe014e5031585858581367183b0483df:~$ snap enable private-snap
error: cannot perform the following tasks:
Setup snap “private-snap” (x1) security profiles (cannot setup apparmor for snap “private-snap”: cannot obtain apparmor specification for snap “private-snap”: lstat /sys/class/gpio/gpio192: no such file o
r directory)
Setup snap “private-snap” (x1) security profiles (cannot obtain apparmor specification for snap “private-snap”: lstat /sys/class/gpio/gpio192: no such file or directory)
kyleN
July 9, 2018, 3:50pm
2
I had the same result when disabling then enabling a snap that uses gpio interface (pi3).
@ogra ?
ogra
July 9, 2018, 3:55pm
3
As i understand it the gpio interface should do that call itself from a line in the snaps systemd unit:
return nil } func (iface *gpioInterface) SystemdConnectedSlot(spec *systemd.Specification, plug *interfaces.ConnectedPlug, slot *interfaces.ConnectedSlot) error { var gpioNum int64 if err := slot.Attr("number", &gpioNum); err != nil { return err } serviceName := interfaces.InterfaceServiceName(slot.Snap().InstanceName(), fmt.Sprintf("gpio-%d", gpioNum)) service := &systemd.Service{ Type: "oneshot", RemainAfterExit: true, ExecStart: fmt.Sprintf("/bin/sh -c 'test -e /sys/class/gpio/gpio%d || echo %d > /sys/class/gpio/export'", gpioNum, gpioNum), ExecStop: fmt.Sprintf("/bin/sh -c 'test ! -e /sys/class/gpio/gpio%d || echo %d > /sys/class/gpio/unexport'", gpioNum, gpioNum), } return spec.AddService(serviceName, service) } func (iface *gpioInterface) AutoConnect(*snap.PlugInfo, *snap.SlotInfo) bool { // allow what declarations allowed
sounds like an issue with that interface or the ordering of bits that are executed during dis/enable … @jdstrand any ideas ?
I think I grok the issue now. Let me think about a possible fix.
EDIT: I sent a proposed fix to https://github.com/snapcore/snapd/pull/5721
1 Like