Hi,
I've built a snap package which contains a Java installation and some
own Java classes. Those are used to get a list of connected USB devices
and their information using the usb4java framework and the snap has been
configured to run the Java program as a service.
Java is running fine so far, but the USB library gets blocked by AppArmor:
root@localhost:~# dmesg | tail
...
[ 2011.571481] audit: type=1400 audit(1430121893.543:22):
apparmor="DENIED" operation="open"
profile="rda-watchdog.sideload_rda-watchdog_0.1" name="/sys/bus/"
pid=1648 comm="java" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[ 2011.571587] audit: type=1400 audit(1430121893.543:23):
apparmor="DENIED" operation="open"
profile="rda-watchdog.sideload_rda-watchdog_0.1" name="/sys/class/"
pid=1648 comm="java" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
It seems like the library needs access to a lot of sub-directories of
/sys/ in order to find out which USB devices are connected.
For granting access to single device nodes, I know there is "snappy
hw-assign", but is there also a way to "unblock" the /sys/ directory for
reading? Changing the AppArmor profile by hand and compiling it seems to
be a bad option since the changes get lost on updates and/or re-installs.
Thanks in advance for any help!
--
snappy-devel mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/snappy-devel
