SNAP Manual Review


#1

Hi,

It seems my SNAP needs a manual review can someone please look into it ?

Snap: https://dashboard.snapcraft.io/snaps/voilaiot/revisions/14/

I’m trying to give it access to the interface system-files to fix a permission issue:
IOError: [Errno 13] Permission denied: '/sys/class/gpio/export

Thanks


#2

this path is covered by the gpio interface …

(once you connect to a certain gpio number it will automatically export it …)


#3

All these are GPIO connected :

orangepi-zero-gadget:opi-gpio-10 voilaiot:gpio
orangepi-zero-gadget:opi-gpio-11 voilaiot:gpio
orangepi-zero-gadget:opi-gpio-12 voilaiot:gpio
orangepi-zero-gadget:opi-gpio-13 voilaiot:gpio
orangepi-zero-gadget:opi-gpio-14 -
orangepi-zero-gadget:opi-gpio-15 voilaiot:gpio
orangepi-zero-gadget:opi-gpio-16 voilaiot:gpio
orangepi-zero-gadget:opi-gpio-18 voilaiot:gpio
orangepi-zero-gadget:opi-gpio-19 voilaiot:gpio

but it keeps on giving me a permission error


#4

what’s the permission error?


#5

IOError: [Errno 13] Permission denied: '/sys/class/gpio/export


#6

are you writing to it as root (or via sudo) … note that all normal file permissions apply, even in the snap world if you use interfaces…

$ ls -lh /sys/class/gpio/export
--w------- 1 root root 4.0K Jan  1  1970 /sys/class/gpio/export

by default only root can write to that file …


#7

My SNAP is accessing it like this:

GPIO.setup(10, GPIO.OUT)

In Dev mode I don’t get this issue, it runs as expected (just connecting the interfaces)


#8

Unless I’m confused, I don’t think the gpio interface gives direct access to /sys/class/gpio/export, it does exporting on its own on behalf of the snap afaict.

This seems a case of a snap that wants to manage/access all possible GPIOs on its own?

@jdstrand any input on this?


#9

You are not confused. The gadget is meant to specify the slots and snapd sets up a oneshot systemd unit to export them. With devmode for this snap I would expect to see policy violations in the logs (but are otherwise allowed).