Here is the snappy-debug example when we generated our snap configured with gpio + gpio-control + gpio-memory-control plugs and installed with --dangerous:
= AppArmor =
Time: Jan 27 21:22:47
Log: apparmor="DENIED" operation="open" profile="snap.SNAPNAME.APPNAME" name="/dev/gpiochip0" pid=19145 comm="APPNAME" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
File: /dev/gpiochip0 (write)
However, if we install the same snap with --devmode the AppArmor allows access.
= AppArmor =
Time: Jan 27 21:40:14
Log: apparmor="ALLOWED" operation="open" profile="snap.SNAPNAME.APPNAME" name="/dev/gpiochip0" pid=29560 comm="APPNAME" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
File: /dev/gpiochip0 (write)
We already tried adding "/dev/gpiochip0 rw," on apparmor rule (/var/lib/snapd/apparmor/profiles/snap.SNAPNAME.APPNAME), but it didn't work as well.
We aim to use gpiod, which provides libgpiod2 + cli tools (like gpiodetect, gpioinfo, etc.) on one of our snap applications. /git.kernel. org/pub/ scm/libs/ libgpiod/ libgpiod. git/
https:/
During some experiments, we realized that no one of the supported interfaces allow access to /dev/gpiochip* to our snap application. /snapcraft. io/docs/ supported- interfaces
https:/
Here is the snappy-debug example when we generated our snap configured with gpio + gpio-control + gpio-memory-control plugs and installed with --dangerous: "snap.SNAPNAME. APPNAME" name="/ dev/gpiochip0" pid=19145 comm="APPNAME" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
= AppArmor =
Time: Jan 27 21:22:47
Log: apparmor="DENIED" operation="open" profile=
File: /dev/gpiochip0 (write)
However, if we install the same snap with --devmode the AppArmor allows access. "snap.SNAPNAME. APPNAME" name="/ dev/gpiochip0" pid=29560 comm="APPNAME" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
= AppArmor =
Time: Jan 27 21:40:14
Log: apparmor="ALLOWED" operation="open" profile=
File: /dev/gpiochip0 (write)
We already tried adding "/dev/gpiochip0 rw," on apparmor rule (/var/lib/ snapd/apparmor/ profiles/ snap.SNAPNAME. APPNAME) , but it didn't work as well.