On Thu, 2016-07-21 at 10:26 -0700, Martin Winter wrote: > I’m running into a weird issue here while trying to get the correct > plugs added and they don’t seem to get detected/parsed correctly: > > My snapcraft.yaml looks like this (extract for a simple process only): > > […] > apps: > ospf6d: > command: bin/ospf6d-service > daemon: simple > plugs: > - firewall-control > - network > - network-bind > - network-control > - network-observe > […] > > But when I run the program, I still get the following error: > (with snappy-debug.security scanlog quagga) > > = AppArmor = > Time: Jul 21 10:13:38 > Log: apparmor="DENIED" operation="create" profile="snap.quagga.ospf6d" > pid=20622 comm="ospf6d" family="inet6" sock_type="raw" protocol=89 > requested_mask="create" denied_mask="create" > Suggestion: > * add one of 'firewall-control, network-control, network-observe' to > 'plugs' > > Looking at the interfaces with the snap command, I see the following: > > # snap interfaces > Slot Plug > :camera - > :cups-control - > :firewall-control - > :gsettings - > :home - > :locale-control - > :log-observe snappy-debug > :modem-manager - > :mount-observe - > :network quagga > :network-bind quagga > :network-control - > :network-manager - > :network-observe - > :opengl - > :optical-drive - > :ppp - > :pulseaudio - > :snapd-control - > :system-observe - > :timeserver-control - > :timezone-control - > :unity7 - > :x11 - > - quagga:firewall-control > - quagga:network-control > - quagga:network-observe > > > Question: > > Why is firewall-control / network-control / network-observe not > correctly detected? It looks like it gets prefixed by “quagga:” and > not assigned the correct Slot. > > (This is Ubuntu 16.04, Snapcraft 2.12, snap 2.0.10) >
They are detected but not automatically connected because firewall-control, network-control and network-observe give privileged access to the system. After install, you should do: $ sudo snap connect quagga:firewall-control ubuntu-core:firewall-control $ sudo snap connect quagga:network-control ubuntu-core:network-control $ sudo snap connect quagga:network-observe ubuntu-core:network-observe Once done, this will be remembered on upgrades (but not remove/install). AIUI the snappy team is discussing how to make this easier and discoverable. This was also discussed a bit here: https://lists.ubuntu.com/archives/snapcraft/2016-July /000416.html Side note for those interested in cross-distro: AIUI, at some point 'ubuntu- core' will both not be required in the command (ie, use ':firewall-control') and 'ubuntu-core' will be renamed to not include 'ubuntu' (ie, use '<TBD>:firewall- control'). -- Jamie Strandboge | http://www.canonical.com
signature.asc
Description: This is a digitally signed message part
-- Snapcraft mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
