cannot specify /sys/class/gpio/export with hw-assign
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Snappy | Status tracked in Trunk | |||||
15.04 |
Fix Released
|
Critical
|
Michael Vogt | |||
Trunk |
Fix Released
|
Critical
|
Michael Vogt |
Bug Description
A snap is trying to access /sys/class/
Aug 25 18:24:51 localhost kernel: [24189.210410] audit: type=1400 audit(144052709
Try to use hw-assign to allow it:
$ sudo snappy hw-assign led-blinker /sys/class/
invalid hardware device
The problem in in hwaccess.go the check is too strict:
// Return true if the device string is a valid device
func validDevice(device string) bool {
return strings.
}
We should also allow /sys/class/
WORKAROUND:
People encountering this can update the profile manually be editing /var/lib/
/sys/
/sys/
Then do:
$ sudo apparmor_parser -r /var/lib/
This change will survive reboots but it will be lost if you reinstall/upgrade the snap or if you use hw-assign after making the change (since it regenerates the profile).
Related branches
- Jamie Strandboge (community): Approve
- Federico Gimenez: Pending (continuous-integration) requested
-
Diff: 46 lines (+19/-3)2 files modifiedsnappy/hwaccess.go (+9/-1)
snappy/hwaccess_test.go (+10/-2)
- Jamie Strandboge (community): Approve
-
Diff: 46 lines (+19/-3)2 files modifiedsnappy/hwaccess.go (+9/-1)
snappy/hwaccess_test.go (+10/-2)
Changed in snappy: | |
importance: | Undecided → Critical |
description: | updated |
description: | updated |
Changed in snappy: | |
assignee: | nobody → Michael Vogt (mvo) |
description: | updated |