System reboot from within a strictly confined snap

tobias · February 21, 2019, 1:09pm

I’m trying to add system reboot capability to my snap. The relevant portions of my snapcraft.yaml:

apps:
  backend:
    plugs:
      - shutdown
backend:
  stage-packages:
      - systemd
      - systemd-sysv

snap interfaces mirros-one shows everything is set up correctly:

:shutdown                mirros-one

However, when I run snap run --shell mirros-one.backend and then inside the snap shell shutdown -r now "my message", I get the following error:

Failed to start reboot.target: Access denied
See system logs and 'systemctl status reboot.target' for details.

The backend service issues the exact same command. I’m assuming the snap run --shell mirros-one.backend environment has the same privileges?

I checked that systemd package indeed provides reboot.target:

user@host:~$ dpkg -S reboot.target
systemd: /lib/systemd/system/reboot.target

… and that it is present in my snap:

user@host:~$ ls /snap/mirros-one/current/lib/systemd/system | grep reboot
reboot.service
reboot.target
reboot.target.wants
systemd-reboot.service

I feel like I’m missing something obvious, any hints are very much appreciated

chipaca · February 21, 2019, 1:29pm

I think

is the gist of it

ogra · February 21, 2019, 1:57pm

here is an example snap that i use for some automated/unattended appliance setup:

take a look at the “netplan-import” script at line 41/42

github.com

ogra1/dashkiosk-client-image-config/blob/master/netplan-import#L41


            DIR="$(udisksctl info --block-device "$devname"|grep MountPoints:| sed 's/MountPoints: //')"
            if ls -lha $DIR/netplan.yaml >/dev/null 2>&1; then
                echo "copying netplan.yaml in place"
                cp -av $DIR/netplan.yaml /etc/netplan/00-snapd-config.yaml
                echo "unmounting $devname"
                udisksctl unmount --block-device "$devname" --no-user-interaction
                #echo "rebooting for netplan generate/apply"
                dbus-send --system --print-reply \
                    --dest=org.freedesktop.login1 /org/freedesktop/login1 \
                    "org.freedesktop.login1.Manager.Reboot" boolean:true
            fi
            echo "unmounting $devname"
            udisksctl unmount --block-device "$devname" --no-user-interaction || true
        fi
    fi
fi

ClueMaster · August 16, 2021, 4:39am

Will this work on a Ubuntu Desktop snap, or only in a CORE snap? I am having permissions errors as well with my snap on desktop. Yes the manual plug for shutdown is added, and when you run the app with $sudo snap run --shell snap_name.app … it works and it reboots, but not if it auto starts up with the snap system util.

jamesh · August 16, 2021, 7:21am

The systemd D-Bus interface for shutdown/reboot should be available on all systems snapd is available on, including classic Linux systems.

What is the error you’re seeing?