snapd

Bug #1866424
Comment #6

Comment 6 for bug 1866424

Revision history for this message

Ondrej Kubik (ondrak) wrote on 2020-03-10: Re: [Bug 1866424] Re: refresh fails when gpio is not exported

we should also consider case:
gadget: slots: gpio-1
gpio-2
gpio-3

snap-a: plug: gpio-control

snap-b: plug: gpio: connected to gpio-1, gpio-2

If snap-a unexports gpio-2, we should probably try to export it again.
Since now snap-b has no gpio-2 or way to restore it
Obviously it's bad situation already, but we might try to fix it at this
point. Since we already have service to export that gpio anyway.
just thinking loud :)

On Tue, Mar 10, 2020 at 5:20 PM Michael Vogt <email address hidden>
wrote:

> Some ideas from Zyga:
>
> <zyga> mvo: when an interface instance (plug or slot)'s corresponding
> method fails, we could mark it as bad and skip it in the profile generation
> <zyga> mvo: we could warn (finally a use case for warnings)
> <zyga> mvo: it would require some changes around but not too hard
> <zyga> mvo: I would rather do it at interface level
> <zyga> mvo: rather than at the level of a specific method
> <zyga> mvo: because it's more proper, in my eyes, to say "this plug or
> slot is entirely absent"
> ...
> <zyga> mvo: rather than to say "a specific part of the implementation
> failed so we skipped it"
> <zyga> mvo: since those can have security implications
> <zyga> mvo: .e.g. apparmor gave you access to /dev but udev tagging failed
> so you have open access
>
> ** Changed in: snapd
> Status: New => Triaged
>
> ** Changed in: snapd
> Importance: Undecided => Critical
>
> ** Changed in: snapd
> Importance: Critical => High
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1866424
>
> Title:
> refresh fails when gpio is not exported
>
> Status in snapd:
> Triaged
>
> Bug description:
> snapd: 2.44~pre1
> preconditions:
> - gadget snap has defined multiple gpio slots
> - there are snap(s) with gpio plugs connected to those slots
> - not all gpios are exported at the time of refresh
>
> expected result:
> snap refresh refreshes snaps
>
> actual result:
> snapd goes cuckoo and refresh fails with:
> error: cannot perform the following tasks:
> - Setup snap "snapd" (6709) security profiles (cannot setup profiles for
> snap "my-gpio-consuming-snap": cannot obtain apparmor specification for
> snap "my-gpio-consuming-snap": lstat /sys/class/gpio/gpio401: no such file
> or directory)
>
> checking the system, reported gpio is not exported so file path is not
> valid at the time of refresh. plug and slot for defined gpio pin are
> connected though
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/snapd/+bug/1866424/+subscriptions
>

we should also consider case:
gadget: slots: gpio-1
                      gpio-2
                      gpio-3

snap-a: plug: gpio-control

snap-b: plug: gpio: connected to gpio-1, gpio-2

On Tue, Mar 10, 2020 at 5:20 PM Michael Vogt <michael.vogt@canonical.com>
wrote:

> Some ideas from Zyga:
>
> <zyga> mvo: when an interface instance (plug or slot)'s corresponding
> method fails, we could mark it as bad and skip it in the profile generation
> <zyga> mvo: we could warn (finally a use case for warnings)
> <zyga> mvo: it would require some changes around but not too hard
> <zyga> mvo: I would rather do it at interface level
> <zyga> mvo: rather than at the level of a specific method
> <zyga> mvo: because it's more proper, in my eyes, to say "this plug or
> slot is entirely absent"
> ...
> <zyga> mvo: rather than to say "a specific part of the implementation
> failed so we skipped it"
> <zyga> mvo: since those can have security implications
> <zyga> mvo: .e.g. apparmor gave you access to /dev but udev tagging failed
> so you have open access
>
> ** Changed in: snapd
>        Status: New => Triaged
>
> ** Changed in: snapd
>    Importance: Undecided => Critical
>
> ** Changed in: snapd
>    Importance: Critical => High
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1866424
>
> Title:
>   refresh fails when gpio is not exported
>
> Status in snapd:
>   Triaged
>
> Bug description:
>   snapd: 2.44~pre1
>   preconditions:
>    - gadget snap has defined multiple gpio slots
>    - there are snap(s) with gpio plugs connected to those slots
>    - not all gpios are exported at the time of refresh
>
>   expected result:
>    snap refresh refreshes snaps
>
>   actual result:
>   snapd goes cuckoo and refresh fails with:
>   error: cannot perform the following tasks:
>   - Setup snap "snapd" (6709) security profiles (cannot setup profiles for
> snap "my-gpio-consuming-snap": cannot obtain apparmor specification for
> snap "my-gpio-consuming-snap": lstat /sys/class/gpio/gpio401: no such file
> or directory)
>
>   checking the system, reported gpio is not exported so file path is not
>   valid at the time of refresh. plug and slot for defined gpio pin are
>   connected though
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/snapd/+bug/1866424/+subscriptions
>