[00:54] mm [00:55] mhall119: http://pastebin.ubuntu.com/23439646/ [00:55] it says I have a too old intltool but I have have a new one [00:55] 0.51 over 0.51 [00:55] *0.50 [00:55] ohhh [01:35] Are there any limitations to using snap within a chroot? I'm running xenial on a chromebook using crouton. Snapcraft with install-suggested seems to work fine but snap commands fail. [01:37] snap list . returns error: cannot list snaps: cannot communicate with server: Get http://localhost/v2/snaps: dial unix /run/snapd-snap.socket: connect: no such file or directory [01:37] trusty, yes [01:37] you cannot run snaps confined [01:37] or in a space where /dev, /proc, /sys, etc. are fake [01:37] err, snapd cannot be run confined [01:39] snaps can be run confined, obviously [01:39] That was my suspicion. Running the commands seemed to be dependent on /run/snapd-snap.socket but it doesn't exist when I try to find it. [01:41] Thanks for the quick answer, I couldn't find anything mentioning that limitation! [03:20] PR snapcraft#889 opened: Enable snap revision caching on 'push' === chihchun_afk is now known as chihchun [07:27] bonjello [08:50] qengho: on friday you mentioned "post-install runs have to be done at "stage" or "snap" time, when fabricating a snap package.", i've been finding info about how to run commands at "stage" or "snap" time and have failed :/ [08:50] some pointer? [08:51] oh, bad time for him [08:51] anyone else? ↑↑↑ [08:53] I don't know what he was referring to, but you can't have commands run at stage or snap time [08:54] however, in the install phase of any parts, you can have a custom plugin acting on the parts/part_name/install/ directory [09:00] tsdgeos: what's your use case to try to modify the stage/ or prime/ directory (and not install/ btw?) [09:00] didrocks: need to create the default cursor set [09:01] update-alternatives --install /usr/share/icons/default/index.theme \ [09:01] x-cursor-theme /usr/share/icons/DMZ-White/cursor.theme 100 [09:01] need to run this, or create the symlink by hand [09:03] i guess i could have a fake cmake part-plugin that ran that command? === davmor2_HOLS is now known as davmor2 [09:04] but looks kind of dirty [09:15] tsdgeos: I'm afraid, you don't have any other options [09:15] and this one can be after: [] [10:03] Bug #1639746 opened: Snap launching other snaps [10:08] i deel dirty now [10:08] https://code.launchpad.net/~aacid/unity8-session-snap/install_cursor_symlink/+merge/310169 [10:09] didrocks: I'd add checkbox (our QA test runner) to the list (the one you reported in #1639746) as we do need to run other snap commands from within the test snap [10:09] Bug #1639746: Snap launching other snaps [10:09] zyga is well aware of the issue [10:14] spineau: please do edit comment :) [10:14] didrocks: ok, I will. thanks [11:34] Bug #1638502 opened: Can't cancel email registration step === chihchun is now known as chihchun_afk [11:38] hello [11:39] i am quite new to snap actually i just used it the first time. I installed a service which is listening on the public ip address and i connect to it. works fine etc. but i actually want to change it so it will listen on the machines local interface so i can define an apache forward to the service. I am just not sure how to change the interface in snap can anyone point me to the right direction [11:46] Mirv, hey, what is the status of the launcher? Do you have something that you want me to try? [11:50] stgraber: Seems like the MR now has a weird CI failure where some Go API can't be pulled https://github.com/snapcore/snapd/pull/2225 [11:50] PR snapd#2225: Implement lxd-client interface exposing the lxd snap [12:02] renato__: I've a pull request (https://github.com/ubuntu/snapcraft-desktop-helpers/pull/18) not yet need for testing until it's actually really there. meanwhile update (if you did not yet) your references to ubuntu-app-platform, slot name to platform, and content: field to have version ("ubuntu-app-platform1") [12:02] PR ubuntu/snapcraft-desktop-helpers#18: Initial addition of ubuntu-app-platform shared snap use for Qt and other Ubuntu's libraries [12:04] Mirv, ok let me update that [12:05] Mirv, did you test if gtk apps works with this launcher. I was having problems to run calendar app last week [12:07] Mirv, I will try compile your snapcraft branch and test it with calendar app [12:09] renato__: not yet. it's not snapcraft branch but the cloud part branch. [12:11] steve___, i dont think that is something you can manage through the interface ... the interface is mainly an on/off switch for accessing or managing network at all from your snap ... your app would have to manage to only accept connections from 127.0.0.1 === hikiko is now known as hikiko|ln [13:02] qengho: "Do we have any way of knowing when snapcraft builder for launchpad-hosted snap building is updated?" This suggests some confusion about how it works. Launchpad doesn't have its own snapcraft version; it pulls snapcraft from the archive you point it to. There's no separate "update Launchpad's version" step. [13:07] sergiusens: hey, can you look over https://github.com/snapcore/snapcraft/pull/870? [13:07] PR snapcraft#870: sources: Add RPM source [13:16] hello, how can I set a snap have permission to write disk? [13:17] plugs [home] not enough I think [13:18] FJKong_: where do you want to write? You can only write to some specific directories [13:18] (see the documentation covering this and env variable where you can write to) [13:19] for example, the snap is a command line tool, it accept input from a file and output to another file,, maybe user want to save result to antwhere he wants [13:20] antwhere/anywhere [13:28] FJKong_: that's not the snap concept, you can have the home plug to save to home, but otherwise, you need to save in $SNAP_USER_DATA [13:28] didrocks: I see [13:33] ogra_: do you have/want a bug to expose the gpio interface in some boards like pi2/3? [13:33] want :) [13:33] (nobody filed one yet ... ) [13:33] which project? [13:34] I never know for gadget snaps what to use… [13:34] just snappy [13:34] ok, doing then! [13:34] (see topic) [13:34] yeah, but we do snapcraft for snapcraft ;) [13:34] and it's ubuntu core technically :p [13:35] well, the umbrella project is still "snappy" ... fgeel free to transition it to a new project name (and happy bug moving :P ) === hikiko|ln is now known as hikiko [13:42] ogra_: we have the launchpad api for this! :-) [13:42] PR snapd#2268 opened: many: merge snap-confine into snapd [13:42] cjwatson: Yes, I was confused. I guess the snapcraft version is the max of what's in the Source-archive Primary/PPA I pick, or the Pocket Updates/Release/Security/Proposed/Backports. [13:43] ogra_: if you want to grab it: https://bugs.launchpad.net/snappy/+bug/1639798 [13:43] Bug #1639798: enable gpio interface for rpi2/3 (and other boards if suited) [13:44] joc_, i think you had some example gadget for that, could you paste something to that bug ? ˝^˝^˝^ [13:44] Bug #1639798 opened: enable gpio interface for rpi2/3 (and other boards if suited) [13:44] qengho: More or less, yes. [13:44] qengho: Usual apt rules for the sources.list we write out, which you can pretty much infer from the build log. [13:46] thx === izznogooood is now known as izzno [13:49] ogra_: https://bugs.launchpad.net/ubuntu/+source/subiquity/+bug/1639799 :) your welcome :) [13:49] Bug #1639799: No information provided on how to create an account if you don't have one [14:10] didrocks: hey, figure you might know...is there a recommended way of determining in a helper file if you're on ubuntu-core vs snaps-on-classic? [14:11] kgunn: oh, good question, I have some ideas (but hacks) [14:12] didrocks: isn't [ ! -d directoryname ] standard posix shell too, no need for command execution? [14:12] the host fs is in /var/lib/snapd/hostfs. I don't know if it's exported as well under ubuntu core, but if it is, you can use some files to """rely""" you are on classic or core [14:13] kgunn: this should help you ^ but I'm now curious and the obligatory question is what's your use-case? [14:13] Mirv: oh correct, way better :) [14:14] didrocks: right, pushed, thanks! [14:14] didrocks: Mirv ...so for instance, webbrowser could be on X11-classic, unity8/mir-classic & mir-kiosk-on-core [14:14] so can't just check for mir... [14:14] cause it could be either place [14:14] kgunn: one sec, testing something [14:15] didrocks: sure... [14:15] Mirv: merged, thanks! :) [14:15] kind surprised there's not a bespoke env var or something [14:15] kgunn: yeah, kind of same than not having ARCH_TRIPLET as well [14:15] kgunn, hmm ... theoretically /etc7os-release should tell you [14:15] */etc/os-release [14:16] but i just notice that mvo's patch isnt applied here so on a core image it doesnt say what it should [14:17] kgunn: ok, forget the /var/lib/snapd/hostfs idea, the security profile prevents you looking at it (I wonder why we do this bindmount thus) [14:17] maybe once mvo's pach is merged, ogra_'s suggestion will be the only one ^ [14:17] sure [14:17] ARGH " [14:17] ! [14:17] http://paste.ubuntu.com/23442090/ [14:18] ogra_: where is that change? e.g. can i rebuild snapd trunk? [14:18] 18-set-os-release.chroot: .... [14:18] ogra_: : !!! :) [14:18] (niote the colon) [14:18] i'll fix that now, but the fix will only be in the edge channel [14:18] kgunn: seemsit's only on the livefs build ^ :) [14:19] right, figured it was part of the image build step [14:19] Mirv: keep me posted if you need help testing once you upload something to the store, I'm interesting to help you there! [14:19] kgunn: for the socket path? Sounds like it's the same problem users of the lxd snap will have. My solution so far was to just try and fallback [14:20] FYI http://paste.ubuntu.com/23442095/ this is how it should look like [14:20] kgunn, so checking the ID field should be a good way [14:21] kalikiana_: ta [14:21] ogra_: thanks [14:21] * kgunn squirells away [14:21] didrocks: sure, thank you for the quick reviews [14:23] Mirv: was an easy task, you did all the hard stuff! :) [14:24] kalikiana_: and just to answer fully, there's a bunch of other env vars that you have to reset to include $SNAP like xdg and mir.... so it's more than just the socket [14:27] mwhudson: hey-- I saw your email regarding console-conf network rewrite. curious if that will fix ipv6 configuration. over the weekend I tried to setup a static ipv6 address on a bbb and it just wouldn't let me get even down into the form to input the info [14:27] mwhudson: it was like it did a check to see if it could do ipv6 and failed that and short-circuited. I updated /etc/netplan/00-* and did 'netplan apply' manually and it worked fine [14:28] mwhudson: I can file a bug if needed. I didn't yet cause I'm not sure yet where that bug should be filed... [14:31] jdstrand: is there an interface currently available that would fix this: https://issues.apache.org/jira/browse/COUCHDB-3226 ? [14:32] Erlang's os_mon library seems to be calling df, and couchdb uses that library to check on disk space usage [14:33] PR snapd#2247 closed: interfaces/builtin/mir: allow client access to /dev/shm/ [14:34] Just wanted to close a loop from a couple weeks ago... [14:35] I was having problems building a custom kernel snap then using ubuntu-core to build a custom image... [14:36] kgunn, didrocks, ah, i notice mvo already fixed the os-release file ... but only in the edge channel [14:36] After installing hello-world snap and rebooting; snapd failed to start because snapd was "too old". [14:37] ogra@dragon:~$ grep ^ID /etc/os-release [14:37] ID=ubuntu-core [14:37] So, with snapcraft kernel plugin modified to pull from stable and using ubuntu-image to build from stable, my custom image now works fine. I can install hello-world snap and reboot successfully. [14:37] MikeB_, what channel did your image use ? [14:37] niemeyer: where are we with the configure hook documentation? I saw someone asking in the mailing list, and I also would like to start using it for a project I'm working on [14:38] ah, stable [14:38] that was in fact way to old until last thu. [14:38] (when a new stable core snap was released) [14:39] so when you built after thu your image should be fine [14:39] ogra_, correct. I waited for stable to get a more modern ubuntu-core and that did seem to solve my problem. [14:39] all builds before thu from the stable channel would have had a 3 months old snapd [14:39] ogra_: oh ok :) [14:40] mhall119: if they shipped df themselves, they could use 'mount-observe'. I'll add df to that interface [14:41] ogra_, also nice to see that ubuntu-image can now build from stable without the workaround where you have to download the gadgets from ~vorlon/snappy-hub/snappy-systems. Looks like they are now included in stable. [14:41] yep [14:42] (they have been in edge and beta for months ... but we didnt have a stable release yet) [14:48] ogra_: right; I think we ought to have pushed them to stable well before now given that the stuff previously in "stable" wasn't of particular use, but it's done now :) [14:49] jdstrand: that would only work if os_mon called ${SNAP}/bin/df through wouldn't it? [14:49] yeah [14:49] mhall119: $SNAP/bin is in $PATH though via snapcraft or the wrapper script [14:50] mhall119: or if they set their PATH in a wrapper so that ${SNAP}/bin is before /bin [14:50] didrocks: I mean, if it's hard coded to look for /bin/df then simply including 'df' in the snap won't help [14:50] didrocks, hey I am trying to use Mirv shared content, with calendar app and I am getting this message "No schema files found: doing nothing." [14:50] ah, hardcoded… yeah, it's hardcoded :) [14:50] renato__: sounds like it's gsettings related? [14:50] oh if it is hard-coded, that is different [14:50] didrocks, this is related with gsettings schema, any Idea how to fix that? [14:50] jdstrand: yeah, that's what I'm checking on [14:50] renato__: do you have/rely on any? [14:50] that would also be a really weird thing to do-- they should not do that :) [14:51] didrocks, this does not happen with gtk-launch [14:51] haha [14:51] jdstrand: well.....Erlang.... [14:51] wishful thinking [14:51] regardless, I added to my todo to add df to mount-observe [14:51] didrocks, yes I am using eds libraries that rely on this [14:51] jdstrand: thanks [14:51] /j #rocketchat [14:51] renato__: I think you to stage it then. I doubt Mirv's platform runtime ships them [14:51] renato__: the launcher still handles them, if you have any [14:52] jdstrand: if 'df' is part of the ubuntu core image, and a snap has mount-observe, is there a risk in allowing it to execute /bin/df directly rather than including it? [14:52] mhall119: that is what I'm saying. no, there is no risk to that and I will be adding /bin/df to mount-observe [14:52] didrocks, I copied this from gtk-launch to my launcher: http://paste.ubuntu.com/23442214/ [14:53] jdstrand: ah, perfect, thanks [14:53] didrocks, I do not want to use gtk-launch this use a lot of space, we I am trying to avoid that [14:53] mhall119: the PATH stuff and including df in the snap is just for in the meantime [14:53] jdstrand: do you want me to open a bug report for that? [14:54] mhall119: you can if it helps you, but I don't need it (it is already in the policy updates card I will be working on soon) [14:54] renato__: ok, the gsettings schema compilation is harmless, I can add it to common [14:55] renato__: it will compile them if you have some .xml gsettings schema and $SNAP/usr/lib/$ARCH/glib-2.0/glib-compile-schemas installed [14:55] renato__: just be aware that until the gsettings interface is fixed, you need the home plug to access your changes from default [14:56] didrocks, humm something still missing, since this still not working if I copy this code to my launcher [14:56] but it work if I use gtk-launch [14:56] renato__: don't use the gtk-launch code though, it's quite ugly and not robust, but yeah, you might need a dep, do you have the glib-compile-schemas file? [14:57] didrocks, not in my project. Probably this is installed by eds-client libraries that is already part of Mirv package [14:59] renato__: you need to stage libglib2.0-bin then [14:59] if you don't, already [14:59] I don't think it's part of Mirv's platform runner [14:59] (and TBH, it shouldn't) [14:59] didrocks, I do not have any dep on my project anymore [15:00] didrocks, yeah Mirv has added glib and gtk on his project. I think [15:00] did he add the -bin binaries? [15:00] just check if you snap ship that file ^ [15:00] didrocks, I was hopping to replace gtk-launcher with his launcher [15:00] didrocks, my snap just ship the application files [15:00] renato__: that's what I'm trying you to help with :) [15:01] so, can you look if you have that file staged or as part of Mirv's platform runtime? ^ [15:01] renato__: not really, but I added the calendar deps to it (which might be too much if it brings too much in) - qtdeclarative5-ubuntu-syncmonitor0.1 qtcontact5-galera qtorganizer5-eds [15:02] Mirv, yes this should work since 'qtorganizer5-eds' depens on ed libs that depend on gtk/glib [15:02] but for some reason is not working [15:02] do you read what I'm writing? [15:02] again, do you have glib-compile-schemas in your snap? [15:02] either the platform one [15:02] or yours [15:02] without this, yeah, it will NOT work [15:03] and this isn't shipped in the glib lib packages [15:03] it's only shipped in the -bin package [15:03] as it's a tool [15:03] didrocks, not in my snap for sure, let me check Mirv package [15:04] didrocks, yes it is present on Mirv package: ./lib/x86_64-linux-gnu/glib-2.0/glib-compile-schemas [15:05] ok, so it's available in that special platform path [15:05] let me special case the qt launcher for it then [15:06] * didrocks would like to avoid code duplication [15:10] renato__: can you edit your launcher for a test? [15:10] didrocks, sure [15:11] didrocks, this is the current code: http://bazaar.launchpad.net/~renatofilho/ubuntu-calendar-app/snappy-runtime/view/head:/snap/ubuntu-calendar-app.wrapper [15:12] most of the code was copied from gtk-launcher [15:12] argh, pastebinit fails… [15:12] renato__: remove the copy from gtk-launcher, you are using desktop-launch, right? [15:13] didrocks, no. I was waiting Mirv launcher to land to use it [15:13] renato__: ah, I did the fix in it [15:13] it's this launcher [15:13] and it's pushed [15:13] I fixed this issue I guess [15:13] mind trying it? [15:13] didrocks, sure how I can test it? [15:14] renato__: the cloud part is desktop-ubuntu-app-platform [15:14] so, just depend on that and prepend your binary with desktop-launch [15:14] renato__: fetch the newest build of the shared snap too while we don't have yet it in store: https://code.launchpad.net/~timo-jyrinki/+snap/ubuntu-app-platform/+build/9346/+files/ubuntu-app-platform_5.6.1_amd64.snap [15:16] fixed the content versioning to match what was merged to the cloud part [15:16] didrocks, do you mean add: "after: [desktop-ubuntu-app-platform]" or just the "plug" entry is enough? [15:16] renato__: yeah, "after: [desktop-ubuntu-app-platform]" [15:16] ok [15:16] renato__: should I update the parts wiki page to match? [15:16] didrocks: I mean you ^ [15:16] renato__: then your apps: will have command: dekstop-launch [15:16] desktop-launch* [15:16] Mirv: what did you change? [15:16] Mirv, where is the wiki page? [15:17] oh, you didn't update it to pick it? [15:17] renato__: ignore [15:17] didrocks: it doesn't have the desktop-ubuntu-app-platform yet [15:17] Mirv: yeah, you need to update the wiki part [15:17] didrocks: ok, doing [15:17] didrocks: hey, we're using content interface to serve up mir libraries...that can be used for any mir-client....so ultimately, we'd want people to "know" this for them to use and put [15:18] into their yaml, but question is...is there any way to auto-promote this? [15:18] or does the existance of such a desire/convention rely on "people just have to know" [15:18] kgunn, we will need a launcher for that too? :( [15:18] renato__: so, as it's not up to date yet, you need to copy https://github.com/ubuntu/snapcraft-desktop-helpers/blob/master/snapcraft.yaml#L299 (from this line to the end) as an additional part [15:19] kgunn: from what I know, we rely on people doing "snapcraft search" (that + blog post), but it seems it fails a little bit as renato__ didn't know about the cloud parts for desktop launcher and still using gtk-launcher [15:19] kgunn: that and future documentation [15:19] kgunn: I hope codelabs could help unblock people (like having a codelab on using mir in snaps) [15:19] same for qt apps [15:20] o/ [15:20] didrocks: but in a snap world....there are no "wrong answers" [15:20] e.g. you can bundle up anything/everything you want.... [15:20] so i don't disagree we will have to promote [15:21] but it would be cool if there were some automagic way (like a "ubuntu-snapcraft-plugin") that scrubbed your yaml [15:21] kgunn: I would love having autocompletion on this with at least one IDE integration [15:21] and if it sees you including libs, it could warn...."hey these libs are in this snap via content interface" [15:21] (I guess that would be a great discovery patterns) [15:21] renato__: didrocks: ok added, there's some 30min delay I think before it's in use. I'll leave meanwhile but we can continue tomorrow. [15:22] jdstrand, hi, have some small changes to the modemmanager interface: https://github.com/snapcore/snapd/pull/2252 [15:22] PR snapd#2252: interfaces: add unconfined access to modem-manager [15:22] Mirv: yeah, I gave what to copy for renato__ to not be blocked on that delay ^ [15:22] Mirv: see you tomorrow :) [15:22] ah, ok [15:22] jdstrand, note also ofono interface is pending for merge [15:23] renato__: see the beginning of that yaml file for updated usage instructions on the newest platform snap that I linked you to - changed plug name, "1" in content field. [15:28] Mirv, didrocks, ok thanks, let me try that [15:30] Mirv: once we are all settled, it would be great to add a "demo/" in the corresponding directory from the desktop launcher [15:37] jdstrand: does ubuntu core provide openssl for snaps to use, or does each snap need to include it's own copy? [15:38] mhall119: openssl is present and available via the default template [15:39] thanks jdstrand [15:39] abeato: ack [15:39] jdstrand, thanks [15:47] didrocks, Mirv , I am getting this now: http://paste.ubuntu.com/23442314/ [15:50] renato__: interesting, do you mind to pastebin bin/desktop-launcher ? [15:50] sure [15:51] it's like if there was a syntax error in it, but I don't see what… [15:51] didrocks, btw this is my project: https://code.launchpad.net/~renatofilho/ubuntu-calendar-app/snappy-runtime/+merge/310200 [15:51] renato__: ah, up to date? [15:52] didrocks, yes with the changes that you asked [15:52] you still need to do some QML2_IMPORT_PATH mangling? [15:53] didrocks, this is the desktop-launcher present on my prime dir: http://paste.ubuntu.com/23442345/ [15:53] didrocks, yes my app install some qml components. [15:53] renato__: ah, we should handle that in the launcher then, right now Mirv's patch removed those [15:54] but yeah, they should be added as well unconditionnally IMHO [15:54] didrocks, I agree [15:54] (my goal is for you to have no wrapper) [15:55] didrocks, this will be great [15:55] Hrm [15:55] how do I fix this in my interface apparmor/seccomp? [15:55] operation="mknod" [...] denied_mask="c" [15:56] kalikiana_: you need a 'w' rule [15:56] jdstrand: I added rw, no difference [15:56] 'c'reat() maps to 'w'rite [15:56] kalikiana_: what is the denial and what did you add? [15:57] kalikiana_: note that mknod is blocked by the seccomp policy so if you added the apparmor rule, seccomp likely blocked it [15:57] /var/snap/lxd/common/lxd/client.crt rw, -> audit: type=1400 audit(1478531590.503:437): apparmor="DENIED" operation="mknod" profile="..." name="/var/snap/lxd/common/lxd/client.crt" pid=21756 comm="..." requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 [15:58] I added mknod and open to apparmor as well [15:58] Somehow this worked before, but I never had any of those rules [15:59] kalikiana_: what does 'snap interfaces' show? [16:01] renato__: interesting, you can't set variable names with -, this is the issue (in the launcher) [16:01] renato__: this needs a wider fix, as this is generated, will take me some time, but I have your code and will be able to try it this way [16:01] renato__: I'll probably work on this tomorrow morning if you don't mind [16:01] jdstrand: lxd:lxd ubuntu-sdk-target [16:01] :home ag-mcphail,dekko,handbrake-jz,libreoffice,lxd,neovim-kalikiana,nethack,spread,unity8-session,vlc [16:01] :lxd-support lxd [16:01] :network dekko,handbrake-jz,libreoffice,lxd,neovim-kalikiana,snapweb,spread,ubuntu-sdk-target,vlc [16:01] didrocks, no problem. Thanks a lot [16:02] jdstrand: ubuntu-sdk-target is my consumer of the lxd interface [16:02] renato__: no worry! sorry for the trouble, but as you are the first customer of that functionality, let's say you pay the price ;) [16:02] didrocks, send me a e-mail if need need a test [16:02] didrocks, yes I know. Thant. and I am here to help [16:03] renato__: will do! :) [16:03] didrocks, renato__: note that environment variables may not contain a '-': http://pubs.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap08.html [16:04] jdstrand: yeah, and as it's generated from the make flavor parameters (and qt5-app-ubuntu-platform is the first one to use this) [16:04] kalikiana_: can you paste the output of 'cat /var/lib/snapd/apaprmor/snap.lxd.lxd'? [16:04] I need to do some sedderie in the make paramater that Mirv used [16:07] jdstrand: http://paste.ubuntu.com/23442432/ [16:11] kalikiana_: ok, based on what I am seeing there and the denial, it seems that lxd creates a client cert upon connection with lxc [16:12] kalikiana_: up above when you pasted the denial, you used an ellipse for the profile name. can you paste the full unredacted denial? [16:13] jdstrand: Ah, sure, was just trying to keep it concise. Full line: [32204.339899] audit: type=1400 audit(1478531590.503:437): apparmor="DENIED" operation="mknod" profile="snap.ubuntu-sdk-target.ubuntu-sdk-target" name="/var/snap/lxd/common/lxd/client.crt" pid=21756 comm="usdk-target" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 [16:14] jdstrand: the cert file is being written from the api, and this from the client [16:14] '/var/snap/lxd/common/lxd/client.crt rwk,' should match the above. Did you reload the profile correctly? sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap.ubuntu-sdk-target.ubuntu-sdk-target [16:15] kalikiana_: (note that any changes in /var/lib/snapd/... will get overwritten on refresh/remove/install/etc) [16:15] I rebuilt snapd and reinstalled the client snap every time [16:15] No manual editing of profiles [16:16] kalikiana_: can you run that apparmor_parser command now and try again? [16:18] jdstrand: Did that. Same error. [16:19] kalikiana_: just for my own sanity, can you paste the profile reload line and the new denial? [16:20] kalikiana_: (both from syslog) [16:29] renato__: ok, so I fixed the launcher and enhanced it so that you can remove your wrapper [16:30] renato__: there is still error while loading shared libraries: libQt5Quick.so.5: cannot open shared object file: No such file or directory [16:30] renato__: which makes sense: find /snap/ubuntu-calendar-app/x1/ubuntu-app-platform/ -name 'libQt5Quick.so.5' [16:30] so it seems Mirv didn'tincludeit [16:30] didn't include it* [16:31] didrocks, humm this is very strange. This is one of the main libraries. Are you sure that you have mirv content mounted? (It does not work well if you launch the app before connect the interface) [16:32] let me try that [16:33] renato__: oh oh oh, you'reright, I didn't connect it :) [16:33] silly me [16:33] renato__: ah, and his test for the interface to be connected is wrong actually (my fault suggesting it), we need to check a subdirectory [16:33] didrocks, yes I faced it a couple of times until I realise that I need to connect it before launch the app for the first time. [16:34] content-default-provider should really autoconnect… [16:34] didrocks, +1 [16:34] didrocks, if you do not connect it before launch the app. you need to remove the app and install it again [16:35] kalikiana_: so I locally did this (I have the lxd snap installed): http://paste.ubuntu.com/23442569/ [16:35] renato__: fixing the launcher at the same time to yell :) [16:36] kalikiana_: I suspect you need to: remove the ubuntu-sdk snap, disable the lxd snap, enable the lxd snap, install the ubuntu-sdk snap to make sure that the profile caches are cleared each time [16:37] kalikiana_: or something along those lines [16:37] jdstrand: dmesg doesn't show any denails after the apparmor_parser lines it would seem - which makes no sense to me right now [16:37] The client output still shows that it can't write [16:38] 2016/11/07 17:36:05 failed to open /var/snap/lxd/common/lxd/client.crt for writing: open /var/snap/lxd/common/lxd/client.crt: permission denied [16:38] kalikiana_: make you you do this: sudo sysctl -w kernel.printk_ratelimit=0 [16:38] kalikiana_: it is possible you are hitting kernel rate limiting and seeing no denials [16:39] kalikiana_: how are you calling lxc? I don't have client.crt with my local test [16:41] jdstrand: Go API. It creates the cert when getting the config. http://paste.ubuntu.com/23442591/ [16:41] kalikiana_: and why is the client.crt in the lxd common directory? shouldn't this be down in SNAP_USER_DATA of ubuntu-sdk? [16:42] kalikiana_: you might be hitting simple unix permissions now. SNAP_COMMON is not writable be a normal user [16:42] by* [16:42] zyga: hey! I'm seeing something weird with the content interface [16:43] didrocks: hey [16:43]