Thanks @koza for helping!
Tried to enable introspection (which is allowed according to the apparmor file), and now getting one more error message:
ERROR:dbus.proxies:Introspect error on :1.4:/org/freedesktop/UDisks2/block_devices/mmcblk0p1: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call",
sender=":1.2701" (uid=0 pid=6071 comm="python3 -m screenly.client.netconfig -c /var/snap/")
interface="org.freedesktop.DBus.Introspectable"
member="Introspect"
error name="(unset)"
requested_reply="0"
destination=":1.4" (uid=0 pid=1585 comm="/snap/udisks2/94/libexec/udisks2/udisksd ")
Yes, I can see now, even if my snap can send DBus messages to udiskd - udiskd is not allowed to receive anything but a restricted set of properties.
thanks, looking at it
shouldn’t it be screenly-client.netconfig instead?
No. That’s a module path and it’s not related to the udev labeling.
Notice that the rule below works just fine.
# Allow access to the Udisks2 API
dbus (receive, send)
bus=system
path=/org/freedesktop/UDisks2/**
interface=org.freedesktop.UDisks2.*
peer=(label="snap.screenly-client.netconfig"),
I guess - something wrong is with another rule
dbus (send)
bus=system
path=/org/freedesktop/UDisks2/**
interface=org.freedesktop.DBus.Properties
member=PropertiesChanged # <==== Maybe here? I don't know what does it mean, unforutnately
peer=(label="snap.screenly-client.netconfig"),
Ok, got it. Looking further
@renat2017 Which snapd version are you using? The generated rule has changed with https://github.com/snapcore/snapd/pull/3195 which is part of 2.25. Can you please check that you’re using the right snapd version?
@morphis, thank you for your response.
As I mentioned in the first post - I used snapd 2.26.4+git222.3172786~ubuntu16.04.1
. I use edge channel so maybe snap refresh core
will do the trick?
I will try to do so and I will try to downgrade if it won’t fix the issue.
Thanks.
Can you try to disconnect and connect the plug/slot again? Could be that the AppArmor profile wasn’t refreshed after snapd was updated.
@morphis, the issue stays the same:
dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: An AppArmor policy prevents this sender from sending this message to this recipient;
type="method_call",
sender=":1.2077" (uid=0 pid=29776 comm="python3 -m screenly.client.netconfig -c /var/snap/")
interface="org.freedesktop.DBus.Properties"
member="Get"
error
name="(unset)"
requested_reply="0"
destination=":1.506" (uid=0 pid=8669 comm="/snap/udisks2/107/libexec/udisks2/udisksd ")
Snap version after the update is: snapd 2.26.4+git234.5f77219~ubuntu16.04.1
, so it was updated from 222 to 234.
Another update. Installing the client snap in devmode didn’t help. I will try to install the udisks2 in a devmode and look if it will help.
So, if I install the client snap in devmode, the issue doesn’t disappear and I am still getting errors related to the “Properties” interface. If I install udisks2 in devmode - errors related to the Properties interface disappear and only errors related to the “Introspectable” interface persist. If I install both client and udisks2 in devmode - all dbus errors disappear.
Can you paste the full AppArmor profile for your application and udisksd somehwere?
Thanks. I think I’ve found the problem. The problem is that we changed the plug side of the interface in https://github.com/snapcore/snapd/pull/3195 but didn’t covered the connected slot part (see https://github.com/snapcore/snapd/blob/master/interfaces/builtin/udisks2.go#L109).
Will sent a PR for this in a bit.
Thanks! I will test it as soon as it’s available on the edge channel.