Snapcraft Basler USB camera /sys/bus/usb/ access denied in strict mode

Hi,

I am experimenting with delivering our software via snapcraft. The purpose of the software is to grab image frames from a Basler USB industrial camera. It is GenICam compliant, and I am using a GenICam protocol implementation in Python named “harvesters” to access frames. I am using the raw-usb, camera, home and network plugs. Unfortunately, my app works in devmode, while in strict mode read access to /sys/bus/usb/ is denied. These are the dmesg logs in devmode.

While going through the raw-usb implementation, I can see that read access to /sys/bus/usb is available, but unfortunately I am unable to access it. I also tried running a shell inside my snap environment and doing ls /sys/bus/usb, and it’s permission denied in strict mode. My snapcraft file is

name: test
version: '0.0.1' 
summary: test
description: test
grade: stable 
confinement: strict 
base: core22

apps:
  qaapp: 
    command: main/main
    plugs:
      - raw-usb
      - home
      - network
      - network-bind
parts:
  36zerovision:
    plugin: dump
    source: dist
  basler-camera-driver:
    plugin: nil
    override-build: |
      wget https://example.blob.core.windows.net/publicdatasets/pylon_7.2.1.25747_x86_64.tar.gz
      mkdir $SNAPCRAFT_PART_INSTALL/pylon
      tar -C $SNAPCRAFT_PART_INSTALL/pylon -xzf ./pylon_*.tar.gz
      chmod 755 $SNAPCRAFT_PART_INSTALL/pylon

    build-packages:
      - dpkg
      - wget

Just for information, I am using the basler-camera-driver part of snapcraft to install the GenTL producer for the Basler camera. Any hints, ideas, or answers are highly appreciated!

Try adding the camera plug. Also replace $SNAPCRAFT with $CRAFT

Thanks, added camera and CRAFT, but still no luck.

That is the log I am facing in strict mode

[196797.398057] audit: type=1326 audit(1693770070.754:22949180): auid=1000 uid=0 gid=0 ses=3 subj=snap.test.qaapp pid=79864 comm="main" exe="/snap/test/x1/main/main" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9fa0532ceb code=0x50000

while in devmode, it’s giving these warnings

[197020.066207] audit: type=1326 audit(1693770293.419:22949208): auid=1000 uid=0 gid=0 ses=3 subj=snap.test.qaapp pid=80440 comm="main" exe="/snap/test/x1/main/main" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe6a0078ceb code=0x7ffc0000
[197020.066276] audit: type=1400 audit(1693770293.419:22949209): apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/sys/bus/usb/devices/" pid=80440 comm="main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[197020.066280] audit: type=1400 audit(1693770293.419:22949210): apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/sys/devices/pci0000:00/0000:00:14.0/usb2/2-3/busnum" pid=80440 comm="main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[197020.066330] audit: type=1400 audit(1693770293.419:22949211): apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/sys/devices/pci0000:00/0000:00:14.0/usb2/2-3/devnum" pid=80440 comm="main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[197020.066334] audit: type=1400 audit(1693770293.419:22949212): apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/sys/devices/pci0000:00/0000:00:14.0/usb2/2-3/speed" pid=80440 comm="main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[197020.066337] audit: type=1400 audit(1693770293.419:22949213): apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/sys/devices/pci0000:00/0000:00:14.0/usb2/2-3/descriptors" pid=80440 comm="main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[197020.066351] audit: type=1400 audit(1693770293.419:22949214): apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/sys/devices/pci0000:00/0000:00:14.0/usb2/busnum" pid=80440 comm="main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[197020.066402] audit: type=1400 audit(1693770293.419:22949215): apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/sys/devices/pci0000:00/0000:00:14.0/usb2/devnum" pid=80440 comm="main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[197020.066406] audit: type=1400 audit(1693770293.419:22949216): apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/sys/devices/pci0000:00/0000:00:14.0/usb2/speed" pid=80440 comm="main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[197020.066408] audit: type=1400 audit(1693770293.419:22949217): apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/sys/devices/pci0000:00/0000:00:14.0/usb2/descriptors" pid=80440 comm="main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[197020.066463] audit: type=1400 audit(1693770293.419:22949218): apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/sys/devices/pci0000:00/0000:00:14.0/usb1/1-7/busnum" pid=80440 comm="main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[197020.066468] audit: type=1400 audit(1693770293.419:22949219): apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/sys/devices/pci0000:00/0000:00:14.0/usb1/1-7/devnum" pid=80440 comm="main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[197020.066470] audit: type=1400 audit(1693770293.419:22949220): apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/sys/devices/pci0000:00/0000:00:14.0/usb1/1-7/speed" pid=80440 comm="main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[197020.066527] audit: type=1400 audit(1693770293.419:22949221): apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/sys/devices/pci0000:00/0000:00:14.0/usb1/1-7/descriptors" pid=80440 comm="main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[197020.066532] audit: type=1400 audit(1693770293.419:22949222): apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/sys/devices/pci0000:00/0000:00:14.0/usb1/busnum" pid=80440 comm="main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[197020.066534] audit: type=1400 audit(1693770293.419:22949223): apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/sys/devices/pci0000:00/0000:00:14.0/usb1/devnum" pid=80440 comm="main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[197020.066536] audit: type=1400 audit(1693770293.419:22949224): apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/sys/devices/pci0000:00/0000:00:14.0/usb1/speed" pid=80440 comm="main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[197020.066548] audit: type=1400 audit(1693770293.419:22949225): apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/sys/devices/pci0000:00/0000:00:14.0/usb1/descriptors" pid=80440 comm="main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[197020.066599] audit: type=1400 audit(1693770293.419:22949226): apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/sys/devices/pci0000:00/0000:00:14.0/usb1/busnum" pid=80440 comm="main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[197020.066604] audit: type=1400 audit(1693770293.419:22949227): apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/sys/devices/pci0000:00/0000:00:14.0/usb1/devnum" pid=80440 comm="main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[197020.066606] audit: type=1400 audit(1693770293.419:22949228): apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/sys/devices/pci0000:00/0000:00:14.0/usb1/1-1/busnum" pid=80440 comm="main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[197020.066661] audit: type=1400 audit(1693770293.419:22949229): apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/sys/devices/pci0000:00/0000:00:14.0/usb1/1-1/devnum" pid=80440 comm="main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[197020.066665] audit: type=1400 audit(1693770293.419:22949230): apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/sys/devices/pci0000:00/0000:00:14.0/usb1/1-1/speed" pid=80440 comm="main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[197020.066668] audit: type=1400 audit(1693770293.419:22949231): apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/sys/devices/pci0000:00/0000:00:14.0/usb1/1-1/descriptors" pid=80440 comm="main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[197020.066683] audit: type=1400 audit(1693770293.419:22949232): apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/sys/devices/pci0000:00/0000:00:14.0/usb2/busnum" pid=80440 comm="main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[197020.066739] audit: type=1400 audit(1693770293.419:22949233): apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/sys/devices/pci0000:00/0000:00:14.0/usb2/devnum" pid=80440 comm="main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[197020.066843] audit: type=1400 audit(1693770293.419:22949234): apparmor="ALLOWED" operation="capable" class="cap" profile="snap.test.qaapp" pid=80440 comm="main" capability=23  capname="sys_nice"
[197020.070875] audit: type=1400 audit(1693770293.423:22949235): apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/sys/devices/pci0000:00/0000:00:14.0/usb2/2-3/bConfigurationValue" pid=80440 comm="main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[197020.070883] audit: type=1400 audit(1693770293.423:22949236): apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/sys/devices/pci0000:00/0000:00:14.0/usb2/2-3/bConfigurationValue" pid=80440 comm="main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[197020.070927] audit: type=1400 audit(1693770293.423:22949237): apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/dev/bus/usb/002/003" pid=80440 comm="main" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
[197020.077631] audit: type=1400 audit(1693770293.431:22949238): apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/dev/bus/usb/002/003" pid=80440 comm="main" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
[197020.631554] audit: type=1400 audit(1693770293.987:22949239): apparmor="ALLOWED" operation="capable" class="cap" profile="snap.test.qaapp" pid=80440 comm="CUxStream::Xfer" capability=23  capname="sys_nice"

and the strange thing is that, in snappy-debug, it’s printing these warnings,

= AppArmor =
Time: Sep  3 21:44:53
Log: apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/sys/bus/usb/devices/" pid=80440 comm="main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /sys/bus/usb/devices/ (read)
Suggestions:
* adjust program to not access '/sys/bus/usb/devices/'
* add one of 'camera, raw-usb' to 'plugs'

= AppArmor =
Time: Sep  3 21:44:53
Log: apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/sys/devices/pci0000:00/0000:00:14.0/usb2/2-3/busnum" pid=80440 comm="main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /sys/devices/pci0000:00/0000:00:14.0/usb2/2-3/busnum (read)
Suggestions:
* adjust program to not access '/sys/devices/pci0000:00/0000:00:14.0/usb2/2-3/busnum'
* adjust program to not access '/sys/devices/pci[0-9]*:[0-9]*/[0-9]*:[0-9]*:[0-9]*.[0-9]*/usb[0-9]*/[0-9]*-[0-9]*/busnum'

= AppArmor =
Time: Sep  3 21:44:53
Log: apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/sys/devices/pci0000:00/0000:00:14.0/usb2/2-3/devnum" pid=80440 comm="main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
File: /sys/devices/pci0000:00/0000:00:14.0/usb2/2-3/devnum (read)
Suggestions:
* adjust program to not access '/sys/devices/pci0000:00/0000:00:14.0/usb2/2-3/devnum'
* adjust program to not access '/sys/devices/pci[0-9]*:[0-9]*/[0-9]*:[0-9]*:[0-9]*.[0-9]*/usb[0-9]*/[0-9]*-[0-9]*/devnum'

although I added camera and raw-usb to plugs

plugs:
  - raw-usb
  - home
  - network
  - network-bind
  - camera
  - system-backup
  - process-control
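
A way to read the audit lines quoted above, as an added example that is not part of the original posts: it decodes the seccomp `code=` value (0x50000 is SECCOMP_RET_ERRNO, 0x7ffc0000 is SECCOMP_RET_LOG; syscall 41 on x86_64 is `socket`) and counts AppArmor events per target. The names `triage` and `parse_fields` are made up for this sketch, and the sample lines are copied from the dmesg output in this thread.

```python
import re
from collections import Counter

# Seccomp actions as written to the audit "code=" field (values from linux/seccomp.h).
SECCOMP_ACTIONS = {
    0x80000000: "KILL_PROCESS", 0x00000000: "KILL_THREAD", 0x00030000: "TRAP",
    0x00050000: "ERRNO", 0x7FC00000: "USER_NOTIF", 0x7FF00000: "TRACE",
    0x7FFC0000: "LOG", 0x7FFF0000: "ALLOW",
}
X86_64_SYSCALLS = {41: "socket"}  # only the syscall seen in this thread
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_fields(line):
    """Return the key=value pairs of one audit line as a dict."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}

def triage(log_text):
    """Count seccomp and AppArmor audit events per snap profile."""
    seccomp, apparmor = Counter(), Counter()
    for line in log_text.splitlines():
        f = parse_fields(line)
        if f.get("type") == "1326":  # AUDIT_SECCOMP
            action = SECCOMP_ACTIONS.get(int(f["code"], 16) & 0xFFFF0000, f["code"])
            nr = int(f["syscall"])
            known = X86_64_SYSCALLS if f.get("arch") == "c000003e" else {}
            seccomp[(f["subj"], known.get(nr, str(nr)), action)] += 1
        elif f.get("type") == "1400" and "apparmor" in f:  # AppArmor event
            target = f.get("name") or "capability:" + f.get("capname", "?")
            apparmor[(f["profile"], f["apparmor"], target,
                      f.get("requested_mask", ""))] += 1
    return seccomp, apparmor

# Six lines copied from the dmesg output quoted in the thread.
SAMPLE = r'''
[196797.398057] audit: type=1326 audit(1693770070.754:22949180): auid=1000 uid=0 gid=0 ses=3 subj=snap.test.qaapp pid=79864 comm="main" exe="/snap/test/x1/main/main" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9fa0532ceb code=0x50000
[197020.066207] audit: type=1326 audit(1693770293.419:22949208): auid=1000 uid=0 gid=0 ses=3 subj=snap.test.qaapp pid=80440 comm="main" exe="/snap/test/x1/main/main" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe6a0078ceb code=0x7ffc0000
[197020.066276] audit: type=1400 audit(1693770293.419:22949209): apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/sys/bus/usb/devices/" pid=80440 comm="main" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[197020.066843] audit: type=1400 audit(1693770293.419:22949234): apparmor="ALLOWED" operation="capable" class="cap" profile="snap.test.qaapp" pid=80440 comm="main" capability=23  capname="sys_nice"
[197020.070927] audit: type=1400 audit(1693770293.423:22949237): apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/dev/bus/usb/002/003" pid=80440 comm="main" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
[197020.077631] audit: type=1400 audit(1693770293.431:22949238): apparmor="ALLOWED" operation="open" class="file" profile="snap.test.qaapp" name="/dev/bus/usb/002/003" pid=80440 comm="main" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
'''

if __name__ == "__main__":
    for counter in triage(SAMPLE):
        for event, count in counter.items():
            print(count, *event)
```

In devmode the profile runs in complain mode, so every ALLOWED entry marks an access that strict confinement would deny unless a connected interface grants it.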

Neither of these interfaces will automatically connect… you will need to use the snap connect... command after installing the snap

Thanks, yes, it’s working. My error was, I think, related to caching: I built many snaps before with different plugs under the same snap name. Although I was connecting the plug manually, there was still no success. I changed to a different name, and then it worked. I also tried snapcraft clean, but no luck with clearing the cache.