Re: Issues using dbus in strict

2017-04-03 Thread Sergey Borovkov 
So once the interfaces are connected the following happens:

1. In websocket service (the one that just calls methods over dbus) I can
get system bus without any issues.
2. In the second service, the one that exposes dbus interface I get
following exception when running this code:

try:
bus = SystemBus()
bus.publish("com.screenly.playlist", playlist_service)
except:
log = logging.getLogger('screenly.PlaylistService')
log.exception("Unable to register on system bus: ")

Apr 03 19:53:49 localhost.localdomain python3[1246]: screenly.PlaylistService
Unable to register on system bus:
Traceback (most recent
call last):
  File
"/snap/screenly-client/x1/lib/python3.5/site-packages/pydbus/bus.py", line
43, in dbus
return self._dbus
AttributeError: 'Bus'
object has no attribute '_dbus'

During handling of the
above exception, another exception occurred:

Traceback (most recent
call last):
  File
"/snap/screenly-client/x1/lib/python3.5/site-packages/screenly/client/playlist.py",
line 605, in main

bus.publish("com.screenly.playlist",
playlist_service)
  File
"/snap/screenly-client/x1/lib/python3.5/site-packages/pydbus/publication.py",
line 42, in publish
return
Publication(self, bus_name, *objects)
  File
"/snap/screenly-client/x1/lib/python3.5/site-packages/pydbus/publication.py",
line 35, in __init__

self._at_exit(bus.request_name(bus_name,
allow_replacement=allow_replacement, replace=replace).__exit__)
  File
"/snap/screenly-client/x1/lib/python3.5/site-packages/pydbus/request_name.py",
line 29, in request_name
return
NameOwner(self, name, allow_replacement, replace)
  File
"/snap/screenly-client/x1/lib/python3.5/site-packages/pydbus/request_name.py",
line 8, in __init__
res =
bus.dbus.RequestName(name, flags)
  File
"/snap/screenly-client/x1/lib/python3.5/site-packages/pydbus/bus.py", line
45, in dbus
self._dbus =
self.get(".DBus")[""]
  File
"/snap/screenly-client/x1/lib/python3.5/site-packages/pydbus/proxy.py",
line 47, in get
0,
timeout_to_glib(timeout), None)
GLib.GError:
g-dbus-error-quark: GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: An
AppArmor policy prevents this sender from sending this message to this
recipient; type="
-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: Issues using dbus in strict

2017-04-03 Thread Jamie Strandboge 
On Mon, 2017-04-03 at 17:57 +0300, Sergey Borovkov wrote:
> Hi, I manually connected interfaces. But the issue is that it can't even
> connect to system bus? Before trying to call any methods.
> 
I'm slightly confused, so let's back up. It sounds like you are saying that you
install the snap and the client isn't allowed to connect to the system bus
before the interfaces are connected. Once the interfaces are connected, things
work correctly. Is this accurate?

If so, this is how the dbus interface is designed. The slots side (the service)
is given enough permissions to run at all (eg, to connect to the system bus to
bind to the well-known name) and the client has no permissions to use the
service until a connection is made. Since your client isn't plugging anything
else that uses the system bus, access to the system bus itself will be denied
until interfaces that allow access to it are connected (eg, you connect your
client to your service).

If not, can you please describe the steps taken when you see the issue?


> root@localhost:/home/pi# snap interfaces
> Slot  Plug
> :account-control  -
> :alsa -
> :autopilot-introspection  -
> :bluetooth-control-
> :browser-support  screenly-client:browser-support-plug
> :camera   -
> :classic-support  -
> :core-support core
> :dcdbas-control   -
> :docker-support   -
> :firewall-control -
> :framebuffer  screenly-client
> :fuse-support -
> :hardware-observe -
> :home -
> :io-ports-control -
> :kernel-module-control-
> :locale-control   -
> :log-observe  screenly-client
> :lxd-support  -
> :mount-observe-
> :network  screenly-client,screenly-pi3
> :network-bind core,screenly-client
> :network-control  -
> :network-observe  -
> :network-setup-control-
> :network-setup-observe-
> :opengl   screenly-client
> :openvswitch-support  -
> :physical-memory-control  -
> :physical-memory-observe  -
> :ppp  -
> :process-control  -
> :raw-usb  -
> :removable-media  -
> :shutdown -
> :snapd-control-
> :system-observe   -
> :system-trace -
> :time-control -
> :timeserver-control   -
> :timezone-control -
> :tpm  -
> :uhid -
> screenly-client:playlist-dbus-server  screenly-client:playlist-dbus-client
> screenly-pi3:bcm-gpio-0   -
> screenly-pi3:bcm-gpio-1   -
> screenly-pi3:bcm-gpio-10  -
> screenly-pi3:bcm-gpio-11  -
> screenly-pi3:bcm-gpio-12  -
> screenly-pi3:bcm-gpio-13  -
> screenly-pi3:bcm-gpio-14  -
> screenly-pi3:bcm-gpio-15  -
> screenly-pi3:bcm-gpio-16  -
> screenly-pi3:bcm-gpio-17  -
> screenly-pi3:bcm-gpio-18  -
> screenly-pi3:bcm-gpio-19  -
> screenly-pi3:bcm-gpio-2   -
> screenly-pi3:bcm-gpio-20  -
> screenly-pi3:bcm-gpio-21  -
> screenly-pi3:bcm-gpio-22  -
> screenly-pi3:bcm-gpio-23  -
> screenly-pi3:bcm-gpio-24  -
> screenly-pi3:bcm-gpio-25  -
> screenly-pi3:bcm-gpio-26  -
> screenly-pi3:bcm-gpio-3   -
> screenly-pi3:bcm-gpio-4   -
> screenly-pi3:bcm-gpio-5   -
> screenly-pi3:bcm-gpio-6   -
> screenly-pi3:bcm-gpio-7   -
> screenly-pi3:bcm-gpio-8   -
> screenly-pi3:bcm-gpio-9   -
> - screenly-pi3:snapd-control
> 
> 
> On 3 April 2017 at 16:58, Jamie Strandboge  wrote:
> 
> > 
> > On Fri, 2017-03-31 at 17:55 +0300, Sergey Borovkov wrote:
> > 
> > ...
> > 
> > > 
> > > Mar 31 12:44:02 localhost.localdomain kernel: audit: type=1400
> > > audit(1490964242.523:72): apparmor="DENIED" operation="connect" profile=
> > > "snap.screenly-client.websocket" name="/run/dbus/system_bus_socket"
> > > pid=1466 comm="python3" req
> > > Mar 31 12:44:02 localhost.localdomain audit[1466]: AVC apparmor="DENIED"
> > > operation="connect" profile="snap.screenly-client.websocket" name="/
> > > run/dbus/system_bus_socket" pid=1466

Re: Issues using dbus in strict

2017-04-03 Thread Sergey Borovkov 
Hi, I manually connected interfaces. But the issue is that it can't even
connect to system bus? Before trying to call any methods.

root@localhost:/home/pi# snap interfaces
Slot  Plug
:account-control  -
:alsa -
:autopilot-introspection  -
:bluetooth-control-
:browser-support  screenly-client:browser-support-plug
:camera   -
:classic-support  -
:core-support core
:dcdbas-control   -
:docker-support   -
:firewall-control -
:framebuffer  screenly-client
:fuse-support -
:hardware-observe -
:home -
:io-ports-control -
:kernel-module-control-
:locale-control   -
:log-observe  screenly-client
:lxd-support  -
:mount-observe-
:network  screenly-client,screenly-pi3
:network-bind core,screenly-client
:network-control  -
:network-observe  -
:network-setup-control-
:network-setup-observe-
:opengl   screenly-client
:openvswitch-support  -
:physical-memory-control  -
:physical-memory-observe  -
:ppp  -
:process-control  -
:raw-usb  -
:removable-media  -
:shutdown -
:snapd-control-
:system-observe   -
:system-trace -
:time-control -
:timeserver-control   -
:timezone-control -
:tpm  -
:uhid -
screenly-client:playlist-dbus-server  screenly-client:playlist-dbus-client
screenly-pi3:bcm-gpio-0   -
screenly-pi3:bcm-gpio-1   -
screenly-pi3:bcm-gpio-10  -
screenly-pi3:bcm-gpio-11  -
screenly-pi3:bcm-gpio-12  -
screenly-pi3:bcm-gpio-13  -
screenly-pi3:bcm-gpio-14  -
screenly-pi3:bcm-gpio-15  -
screenly-pi3:bcm-gpio-16  -
screenly-pi3:bcm-gpio-17  -
screenly-pi3:bcm-gpio-18  -
screenly-pi3:bcm-gpio-19  -
screenly-pi3:bcm-gpio-2   -
screenly-pi3:bcm-gpio-20  -
screenly-pi3:bcm-gpio-21  -
screenly-pi3:bcm-gpio-22  -
screenly-pi3:bcm-gpio-23  -
screenly-pi3:bcm-gpio-24  -
screenly-pi3:bcm-gpio-25  -
screenly-pi3:bcm-gpio-26  -
screenly-pi3:bcm-gpio-3   -
screenly-pi3:bcm-gpio-4   -
screenly-pi3:bcm-gpio-5   -
screenly-pi3:bcm-gpio-6   -
screenly-pi3:bcm-gpio-7   -
screenly-pi3:bcm-gpio-8   -
screenly-pi3:bcm-gpio-9   -
- screenly-pi3:snapd-control


On 3 April 2017 at 16:58, Jamie Strandboge  wrote:

> On Fri, 2017-03-31 at 17:55 +0300, Sergey Borovkov wrote:
>
> ...
>
> > Mar 31 12:44:02 localhost.localdomain kernel: audit: type=1400
> > audit(1490964242.523:72): apparmor="DENIED" operation="connect" profile=
> > "snap.screenly-client.websocket" name="/run/dbus/system_bus_socket"
> > pid=1466 comm="python3" req
> > Mar 31 12:44:02 localhost.localdomain audit[1466]: AVC apparmor="DENIED"
> > operation="connect" profile="snap.screenly-client.websocket" name="/
> > run/dbus/system_bus_socket" pid=1466 comm="python3" requested_mask="wr"
> > denied_mask="wr"
> >
> > I am not sure if I need to use some additional interfaces - to get it
> > working under devmode I've used the following code (And I can't find
> > anything relevant in wiki):
> >
> >   playlist:
> > command: usr/bin/playlist-service.sh
> > daemon: simple
> > plugs: [network-bind, network]
> > slots: [playlist-dbus-server]
> >
> >   websocket:
> > command: usr/bin/websocket-service.sh
> > daemon: simple
> > plugs: [network-bind, network, playlist-dbus-client]
> >
> > slots:
> >   playlist-dbus-server:
> > interface: dbus
> > name: com.screenly.playlist
> > bus: system
> >
> > plugs:
> >   playlist-dbus-client:
> > interface: dbus
> > name: com.screenly.playlist
> > bus: system
>
> You shouldn't need additional interfaces. It sounds like your interfaces
> are not
> connected. What is the output of 'snap interfaces'?
>
> --
> Jamie Strandboge | http://www.canonical.com
>
>
> --
> Snapcraft mailing list
> Snapcraft@lists.snapcraft.io
> Modify settings or

Re: Issues using dbus in strict

2017-04-03 Thread knitzsche 

Hi Jamie,

Do you have any input on this issue?

thanks

On 03/31/2017 10:55 AM, Sergey Borovkov wrote:

Hi. I am running a couple of daemons (daemon: simple) and they interact
between each other using dbus. Unfortunately I've ran into the issue when
porting them from devmode to strict, I am getting this backtrace just
trying to obtain SystemBus in python:

Mar 31 12:44:02 localhost.localdomain snap[1466]: GLib.Error:
g-io-error-quark: Could not connect: Permission denied (14)
Mar 31 12:44:02 localhost.localdomain snap[1466]: return Gio.bus_get_sync(type,
None).pydbus
Mar 31 12:44:02 localhost.localdomain snap[1466]: File "/snap/screenly-
client/165/lib/python3.5/site-packages/pydbus/bus.py", line 19, in bus_get
Mar 31 12:44:02 localhost.localdomain snap[1466]: return bus_get(Bus.Type.
SYSTEM)
Mar 31 12:44:02 localhost.localdomain snap[1466]: File "/snap/screenly-
client/165/lib/python3.5/site-packages/pydbus/bus.py", line 57, in SystemBus
Mar 31 12:44:02 localhost.localdomain snap[1466]: self.bus = SystemBus()
Mar 31 12:44:02 localhost.localdomain kernel: audit: type=1400
audit(1490964242.523:72): apparmor="DENIED" operation="connect" profile=
"snap.screenly-client.websocket" name="/run/dbus/system_bus_socket"
pid=1466 comm="python3" req
Mar 31 12:44:02 localhost.localdomain audit[1466]: AVC apparmor="DENIED"
operation="connect" profile="snap.screenly-client.websocket" name="/
run/dbus/system_bus_socket" pid=1466 comm="python3" requested_mask="wr"
denied_mask="wr"

I am not sure if I need to use some additional interfaces - to get it
working under devmode I've used the following code (And I can't find
anything relevant in wiki):

  playlist:
command: usr/bin/playlist-service.sh
daemon: simple
plugs: [network-bind, network]
slots: [playlist-dbus-server]

  websocket:
command: usr/bin/websocket-service.sh
daemon: simple
plugs: [network-bind, network, playlist-dbus-client]

slots:
  playlist-dbus-server:
interface: dbus
name: com.screenly.playlist
bus: system

plugs:
  playlist-dbus-client:
interface: dbus
name: com.screenly.playlist
bus: system



--
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: Issues using dbus in strict

2017-03-31 Thread knitzsche 

Hi folks, any tips here to unblock this critical issue? Thanks

On 03/31/2017 10:55 AM, Sergey Borovkov wrote:

Hi. I am running a couple of daemons (daemon: simple) and they interact
between each other using dbus. Unfortunately I've ran into the issue when
porting them from devmode to strict, I am getting this backtrace just
trying to obtain SystemBus in python:

Mar 31 12:44:02 localhost.localdomain snap[1466]: GLib.Error:
g-io-error-quark: Could not connect: Permission denied (14)
Mar 31 12:44:02 localhost.localdomain snap[1466]: return Gio.bus_get_sync(type,
None).pydbus
Mar 31 12:44:02 localhost.localdomain snap[1466]: File "/snap/screenly-
client/165/lib/python3.5/site-packages/pydbus/bus.py", line 19, in bus_get
Mar 31 12:44:02 localhost.localdomain snap[1466]: return bus_get(Bus.Type.
SYSTEM)
Mar 31 12:44:02 localhost.localdomain snap[1466]: File "/snap/screenly-
client/165/lib/python3.5/site-packages/pydbus/bus.py", line 57, in SystemBus
Mar 31 12:44:02 localhost.localdomain snap[1466]: self.bus = SystemBus()
Mar 31 12:44:02 localhost.localdomain kernel: audit: type=1400
audit(1490964242.523:72): apparmor="DENIED" operation="connect" profile=
"snap.screenly-client.websocket" name="/run/dbus/system_bus_socket"
pid=1466 comm="python3" req
Mar 31 12:44:02 localhost.localdomain audit[1466]: AVC apparmor="DENIED"
operation="connect" profile="snap.screenly-client.websocket" name="/
run/dbus/system_bus_socket" pid=1466 comm="python3" requested_mask="wr"
denied_mask="wr"

I am not sure if I need to use some additional interfaces - to get it
working under devmode I've used the following code (And I can't find
anything relevant in wiki):

  playlist:
command: usr/bin/playlist-service.sh
daemon: simple
plugs: [network-bind, network]
slots: [playlist-dbus-server]

  websocket:
command: usr/bin/websocket-service.sh
daemon: simple
plugs: [network-bind, network, playlist-dbus-client]

slots:
  playlist-dbus-server:
interface: dbus
name: com.screenly.playlist
bus: system

plugs:
  playlist-dbus-client:
interface: dbus
name: com.screenly.playlist
bus: system



--
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Issues using dbus in strict

2017-03-31 Thread Sergey Borovkov 
Hi. I am running a couple of daemons (daemon: simple) and they interact
between each other using dbus. Unfortunately I've ran into the issue when
porting them from devmode to strict, I am getting this backtrace just
trying to obtain SystemBus in python:

Mar 31 12:44:02 localhost.localdomain snap[1466]: GLib.Error:
g-io-error-quark: Could not connect: Permission denied (14)
Mar 31 12:44:02 localhost.localdomain snap[1466]: return Gio.bus_get_sync(type,
None).pydbus
Mar 31 12:44:02 localhost.localdomain snap[1466]: File "/snap/screenly-
client/165/lib/python3.5/site-packages/pydbus/bus.py", line 19, in bus_get
Mar 31 12:44:02 localhost.localdomain snap[1466]: return bus_get(Bus.Type.
SYSTEM)
Mar 31 12:44:02 localhost.localdomain snap[1466]: File "/snap/screenly-
client/165/lib/python3.5/site-packages/pydbus/bus.py", line 57, in SystemBus
Mar 31 12:44:02 localhost.localdomain snap[1466]: self.bus = SystemBus()
Mar 31 12:44:02 localhost.localdomain kernel: audit: type=1400
audit(1490964242.523:72): apparmor="DENIED" operation="connect" profile=
"snap.screenly-client.websocket" name="/run/dbus/system_bus_socket"
pid=1466 comm="python3" req
Mar 31 12:44:02 localhost.localdomain audit[1466]: AVC apparmor="DENIED"
operation="connect" profile="snap.screenly-client.websocket" name="/
run/dbus/system_bus_socket" pid=1466 comm="python3" requested_mask="wr"
denied_mask="wr"

I am not sure if I need to use some additional interfaces - to get it
working under devmode I've used the following code (And I can't find
anything relevant in wiki):

  playlist:
command: usr/bin/playlist-service.sh
daemon: simple
plugs: [network-bind, network]
slots: [playlist-dbus-server]

  websocket:
command: usr/bin/websocket-service.sh
daemon: simple
plugs: [network-bind, network, playlist-dbus-client]

slots:
  playlist-dbus-server:
interface: dbus
name: com.screenly.playlist
bus: system

plugs:
  playlist-dbus-client:
interface: dbus
name: com.screenly.playlist
bus: system
-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft