Snappy

snap install not properly generating ConnectedSlot policy when auto-connecting via snap-declaration-allowed connection

Bug #1638334 reported by Jamie Strandboge
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Canonical System Image
Fix Released
High
kevin gunn
Canonical System Image p2 "Ubuntu Personal"
Snappy
Fix Released
Undecided
Alberto Aguirre

Bug Description

Steps to reproduce in an amd64 VM using amd64 RC2 from http://cdimage.ubuntu.com/ubuntu-core/xenial/daily-preinstalled/current/:

(grab ./mir-client_0.24.1_amd64.snap from https://code.launchpad.net/~kgunn72/+snap/mir-client)

1. install mir-libs:
$ sudo snap install mir-libs --edge
$ snap interfaces|grep mir
mir-libs:mir-libs

2. install mir-kiosk
$ sudo snap install mir-kiosk --edge
$ snap interfaces|grep mir
:opengl mir-kiosk
mir-kiosk:mir -
mir-libs:mir-libs mir-kiosk

3. install mir-client
$ sudo snap install --dangerous ./mir-client_0.24.1_amd64.snap
$ snap interfaces|grep mir:
opengl mir-client,mir-kiosk
mir-kiosk:mir mir-client
mir-libs:mir-libs mir-kiosk

At this point, 'snap interfaces' output is correct and everything should be auto-connected. The mir-client (plug side) has the expected policy:

$ grep 'label="snap.mir-kiosk' /var/lib/snapd/apparmor/profiles/snap.mir-client.client-start
unix (receive, send) type=seqpacket addr=none peer=(label="snap.mir-kiosk.mir-kiosk"),

However, the the mir-kiosk (slot side) does not have the expected policy:

$ grep 'label="snap.mir-client' /var/lib/snapd/apparmor/profiles/snap.mir-kiosk.mir-kiosk
$

WORKAROUND: disconnect and connect the interface manually:

$ sudo snap disconnect mir-client:mir mir-kiosk:mir
$ sudo snap connect mir-client:mir mir-kiosk:mir
$ grep 'label="snap.mir-client' /var/lib/snapd/apparmor/profiles/snap.mir-kiosk.mir-kiosk
unix (receive, send) type=seqpacket addr=none peer=(label="snap.mir-client.client-start"),

Additional information:
$ snap list
Name Version Rev Developer Notes
core 16.04.1 324 canonical -
mir-client 0.24.1 x1 -
mir-kiosk 0.1 1 albaguirre -
mir-libs 0.1 1 albaguirre -
pc 16.04-0.8 9 canonical -
pc-kernel 4.4.0-45-3 34 canonical -

Relevant content from interfaces/builtin/basedeclaration.go (ie, it is meant to allow auto-connection when a snap declaration for a slot implementation of mir has 'allow-connection: true' (which is why deny-auto-connection is omitted from the base declaration):
   mir:
     allow-installation:
       slot-snap-type:
         - app
     deny-connection: true

$ sudo snap download mir-kiosk --edge
$ cat ./mir-kiosk_1.assert
...
type: snap-declaration
format: 1
...
slots:
  mir:
    allow-connection: true

Note, I also adjusted the snap declaration in the store to have:
type: snap-declaration
format: 1
...
slots:
  mir:
    allow-connection: true
    allow-auto-connection: true

and it did not make a difference. Note, while mir-client above is locally installed, I created test-mir-client-jdstrand and uploaded to the store, and the ConnectedSlot policy is not correct:

$ sudo snap install test-mir-client-jdstrand --edge
test-mir-client-jdstrand (edge) 0 from 'jdstrand' installed
$ grep 'label="snap.test-mir-client-jdstrand' /var/lib/snapd/apparmor/profiles/snap.mir-kiosk.mir-kiosk
$
$ sudo snap disconnect test-mir-client-jdstrand:mir mir-kiosk:mir
$ sudo snap connect test-mir-client-jdstrand:mir mir-kiosk:mir
$ grep 'label="snap.test-mir-client-jdstrand' /var/lib/snapd/apparmor/profiles/snap.mir-kiosk.mir-kiosk
unix (receive, send) type=seqpacket addr=none peer=(label="snap.test-mir-client-jdstrand.sh"),

See original description
Jamie Strandboge (jdstrand)
description: updated
description: updated
description: updated
Jamie Strandboge (jdstrand)
description: updated
Jamie Strandboge (jdstrand)
description: updated
tags: added: snapd-interface
Revision history for this message
Zygmunt Krynicki (zyga) wrote :

We don't consider auto-connections for slots, just for plugs. We'll fix it next week.

Changed in snappy:
status: New → Triaged
Revision history for this message
Alberto Aguirre (albaguirre) wrote :

A fix for the issue: https://github.com/snapcore/snapd/pull/2256

Pat McGowan (pat-mcgowan)
Changed in canonical-devices-system-image:
assignee: nobody → Kevin Gunn (kgunn)
importance: Undecided → High
milestone: none → p1
status: New → In Progress
assignee: Kevin Gunn (kgunn) → kevin gunn (kgunn72)
tags: added: personal
Pat McGowan (pat-mcgowan)
Changed in canonical-devices-system-image:
milestone: p1 → p2
Changed in snappy:
status: Triaged → In Progress
assignee: nobody → Alberto Aguirre (albaguirre)
Michał Sawicz (saviq)
Changed in canonical-devices-system-image:
status: In Progress → Fix Released
Changed in snappy:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.