Seccomp violation when pairing and controlling devices

Question

Seccomp violation when pairing and controlling devices

farshidtz opened this issue a year ago · 0 comments

There may be some permission issues, but they don't appear to affect functionality.

Here is the debug info from snappy-debug when trying to pair with chip-tool pairing ble-thread:

= AppArmor =
Time: 2023-07-19T11:2
Log: apparmor="DENIED" operation="capable" class="cap" profile="/snap/snapd/19457/usr/lib/snapd/snap-confine" pid=36414 comm="snap-confine" capability=12  capname="net_admin"
Capability: net_admin
Suggestions:
* adjust program to not require 'CAP_NET_ADMIN' (see 'man 7 capabilities')
* add one of 'bluetooth-control, firewall-control, netlink-audit, netlink-connector, network-control, qualcomm-ipc-router' to 'plugs'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing (https://launchpad.net/bugs/1465724)

= AppArmor =
Time: 2023-07-19T11:2
Log: apparmor="DENIED" operation="capable" class="cap" profile="/snap/snapd/19457/usr/lib/snapd/snap-confine" pid=36414 comm="snap-confine" capability=38  capname="perfmon"
Capability: perfmon
Suggestions:
* adjust program to not require 'CAP_PERFMON' (see 'man 7 capabilities')
* do nothing if program otherwise works properly

= Seccomp =
Time: 2023-07-19T11:2
Log: auid=1000 uid=0 gid=0 ses=4 subj=snap.chip-tool.chip-tool pid=36414 comm="gmain-matter" exe="/snap/chip-tool/19/bin/chip-tool" sig=0 arch=c000003e 314(sched_setattr) compat=0 ip=0x7fe5c1e50a3d code=0x50000
Syscall: sched_setattr
Suggestion:
* add 'process-control' to 'plugs'

During onoff toggle:

= AppArmor =
Time: 2023-07-25T13:1
Log: apparmor="DENIED" operation="capable" class="cap" profile="/snap/snapd/19457/usr/lib/snapd/snap-confine" pid=48260 comm="snap-confine" capability=12  capname="net_admin"
Capability: net_admin
Suggestions:
* adjust program to not require 'CAP_NET_ADMIN' (see 'man 7 capabilities')
* add one of 'bluetooth-control, firewall-control, netlink-audit, netlink-connector, network-control, qualcomm-ipc-router' to 'plugs'
* do nothing if using systemd utility (eg, timedatectl): https://forum.snapcraft.io/t/managing-time-date-and-timezone-in-ubuntu-core/408/44
* do nothing (https://launchpad.net/bugs/1465724)

= AppArmor =
Time: 2023-07-25T13:1
Log: apparmor="DENIED" operation="capable" class="cap" profile="/snap/snapd/19457/usr/lib/snapd/snap-confine" pid=48260 comm="snap-confine" capability=38  capname="perfmon"
Capability: perfmon
Suggestions:
* adjust program to not require 'CAP_PERFMON' (see 'man 7 capabilities')
* do nothing if program otherwise works properly