

We’ve not allowed this access thus far since we can’t currently limit the access to the pids of the snap and the access could allow access to sensitive information between snaps and the system.

PTRACE_MODE_ATTACH_FSCREDS check see ptrace(2).

Permission to access this file is governed by a ptrace access mode

This file can be used to access the pages of a process's memory

* adjust program to not access

proc’ has this to say about this file: /proc//mem

* add 'system-files (see for acceptance criteria)' to 'plugs'
* adjust program to read necessary files from $SNAP, $SNAP_DATA, $SNAP_COMMON, $SNAP_USER_DATA or $SNAP_USER_COMMON

Log: apparmor="DENIED" operation="open" profile="" name="/etc/openal/nf" pid=31489 comm="webots-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

Log: apparmor="DENIED" operation="open" profile="" name="/proc/31497/mem" pid=31497 comm="QtWebEngineProc" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

Log: apparmor="DENIED" operation="open" profile="" name="/proc/31496/setgroups" pid=31496 comm="webots-bin" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000

* adjust program to not access

AppArmor =

Here are the hopefully harmless warnings I get from snappy-debug:

kernel.printk_ratelimit = 0

I just pushed a new build of my app (webots) using snapcraft push for your review.

This is really needed by the application to determine the model of the graphics card and adapt the OpenGL settings automatically from this information.

The only requirement I have for you is to enable auto-connection of the hardware-observe interface: snap connect webots:hardware-observe.

Only 4 warnings remain, which I assume are harmless because the application behaves properly.

I managed to get rid of most of the warnings and errors reported by snappy-debug.

I googled a bit with these errors, but got no luck…

Unfortunately I have no clue how to address them.

ContextResult::kFatalFailure: AllocateAndMapSharedMemory failed

Failed to adjust OOM score of renderer with pid 40188: Permission denied (13)

However, I get many warnings which look serious:

Failed to open file: /snap/core18/1074/lib/x86_64-linux-gnu/ld-2.27.so

Now that the hardware-observe problem is fixed, webots starts and displays the 3D view, and the robots are apparently running properly.

Shall I give up on strict confinement and ask for a review for classic confinement? Or is there still any hope that webots could be allowed to read /sys/bus/pci?

Plugs: desktop: usr/share/webots/resources/sktop command: desktop-launch $SNAP/usr/share/webots/webots

I tried to add a plug in my snapcraft.yaml file, but that doesn’t help: plugs:

Pcilib: Cannot open /sys/bus/pci/devices/0000:00:17.0/resource: Permission denied

Unfortunately, AppArmor doesn’t like it and prevents webots from reading this file in particular:

I tried hard to make it work with strict confinement, but failed mainly for the following reason: webots uses pcilib to read information on the graphics card (model, memory, etc.

I have created a snap with classic confinement which works fine locally and which I just pushed to snapcraft.io.

We are developing webots ( ) and would like to provide a snap for it on Linux.
