Snappy

Snaps using libappindicator and unity7 plug can't show app-indicators

Bug #1639988 reported by Marco Trevisan (Treviño)
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Snappy
Fix Released
Medium
Jamie Strandboge

Bug Description

Trying to run the remmina snap (https://github.com/3v1n0/Remmina-snap) in a confined environment (with unity7 plug), there's a failure when trying to call the relevant methods to get a libappmenu indicator:

(remmina:24369): libappindicator-WARNING **: Unable to connect to the Notification Watcher: GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender=":1.2651" (uid=1000 pid=24369 comm="remmina ") interface="org.kde.StatusNotifierWatcher" member="RegisterStatusNotifierItem" error name="(unset)" requested_reply="0" destination=":1.52" (uid=1000 pid=5960 comm="/usr/lib/x86_64-linux-gnu/indicator-application/in")

The journal says a little more infos:

nov 08 01:57:51 t460s dbus[5628]: apparmor="DENIED" operation="dbus_signal" bus="session" path="/org/ayatana/NotificationItem/remmina_icon/Menu" interface="com.canonical.dbusmenu" member="LayoutUpdated" mask="send" name="org.freedesktop.DBus" pid=24659 label="snap.remmina-unstable.remmina" peer_pid=5635 peer_label="unconfined"
nov 08 01:57:51 t460s dbus[5628]: apparmor="DENIED" operation="dbus_signal" bus="session" path="/org/ayatana/NotificationItem/remmina_icon/Menu" interface="com.canonical.dbusmenu" member="LayoutUpdated" mask="send" name="org.freedesktop.DBus" pid=24659 label="snap.remmina-unstable.remmina" peer_pid=5635 peer_label="unconfined"
nov 08 01:57:51 t460s dbus[5628]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/StatusNotifierWatcher" interface="org.kde.StatusNotifierWatcher" member="RegisterStatusNotifierItem" mask="send" name=":1.52" pid=24659 label="snap.remmina-unstable.remmina" peer_pid=5960 peer_label="unconfined"

The call inside libappindicator seems correct to me:
  http://bazaar.launchpad.net/~indicator-applet-developers/libappindicator/trunk.16.10/view/head:/src/app-indicator.c#L1341

And the unity7.go interface should cover that case (in fact calling the very same method from gdbus inside the snap run --shell, works).

A weird thing is that if I check what happens with dbus-session, I see this call:

dbus-monitor --session --monitor "interface=org.kde.StatusNotifierWatcher"

method call time=1478560856.427274 sender=:1.2610 -> destination=:1.52 serial=13 path=/StatusNotifierWatcher; interface=org.kde.StatusNotifierWatcher; member=RegisterStatusNotifierItem string "/org/ayatana/NotificationItem/remmina_icon"

----

A simpler test case you can use is: https://code.launchpad.net/~3v1n0/+git/appindicator-snap

In this case the journalctl output is different, with some complains about DBusMenu's as well, but still it fails at the same point.

Revision history for this message
Marco Trevisan (Treviño) (3v1n0) wrote :

Looking this better, it seems more a problem related to the fact that the host can't access to the snap dbus interface. In fact calling the method with gdbus using a path as parameter, still fails.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

FYI, your simple reproducer is missing 'plugs: [ gsettings ]'

I've been able to get the simple reproducer to work with this commit: https://github.com/jdstrand/snapd/commit/957681991117966a0f3b83976dd9314571b5e544

That will be included in the next policy updates PR.

Changed in snappy:
assignee: nobody → Jamie Strandboge (jdstrand)
importance: Undecided → Medium
status: New → In Progress
Jamie Strandboge (jdstrand)
Changed in snappy:
status: In Progress → Fix Committed
Jean-Baptiste Lallement (jibel)
no longer affects: snapd (Ubuntu)
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

2.20 fixes this issue.

Changed in snappy:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.