network-control does not allow rfkill on raspberry pi3
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
snapd |
Fix Released
|
Medium
|
Jamie Strandboge |
Bug Description
Snapping a small script to read the rfkill state for a raspberry pi3 like:
apps:
toggle:
command: myscript
plugs: [network, network-control]
with a "myscript" like:
#! /bin/sh
grep -l "phy" /sys/class/
will result in:
Jul 31 09:52:57 pi3 kernel: [ 487.865163] audit: type=1400 audit(150149477
The network-control interface is allowed to provide full access to /dev/rfkill but obviously denies the actual device access to the respective network device ...
Changed in snapd: | |
assignee: | nobody → Jamie Strandboge (jdstrand) |
Changed in snapd: | |
status: | New → Incomplete |
importance: | Undecided → Medium |
Can you add this rule and comment if it resolves the issue for you?
/sys/devices/ {pci[0- 9]*,platform/ soc}/** /rfkill[ 0-9]*/{ ,*} r,