interfaces: add a joystick interface #3112
kyrofa requested a review from jdstrand Mar 29, 2017
| + } | ||
| + | ||
| + // The snap implementing this slot must be an os snap. | ||
| + if !(slot.Snap.Type == "os") { |
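Review bot: The condition `!(slot.Snap.Type == "os")` on the last line reads more directly as `slot.Snap.Type != "os"`. The check also compares against a bare string literal; if the snap package provides a named constant for this type, using it would keep a typo in the literal from silently changing which snaps pass the check.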
jdstrand
reviewed
Mar 30, 2017
The interface looks fine to me. I would actually prefer that the udev code be present with addSnippet() commented out with a TODO that this needs to be fixed as a reminder that we need to do this. The framebuffer udev tagging is only temporarily being removed (and I asked them to comment out the code instead of removing in the other PR).
Please also update https://bugs.launchpad.net/snapd/+bug/1675738 to add the joystick interface to the list for phase 2.
| + allow-installation: | ||
| + slot-snap-type: | ||
| + - core | ||
| + deny-auto-connection: true |
jdstrand
Mar 30, 2017
Contributor
I think your instincts for the base declaration are correct. On the one hand, this is giving precisely what the interface advertises, but it is a device driver which adds attack surface to the kernel. I also suspect that we are going to need more extensive udev and/or /dev/input access in the future which definitely means we won't want to auto-connect. We can always reconsider in the future.
| +const joystickConnectedPlugAppArmor = ` | ||
| +# Description: Allow reading and writing to joystick devices (/dev/input/js*). | ||
| + | ||
| +/dev/input/js[0-9]* rw, |
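Review bot: In `/dev/input/js[0-9]* rw,` the trailing `*` is an AppArmor glob rather than a repetition of the digit class, so the rule covers any name that starts with `js` and one digit, which is wider than the numbered joystick nodes the description line refers to. Consider spelling out the digit alternatives so only numbered devices match, and state the intended range in the description comment.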
zyga
Mar 30, 2017
Contributor
Shall we make this js[0-9]+, unless /dev/js is a customary name as well
jdstrand
Mar 30, 2017
Contributor
AARE doesn't support '+'. See 'Globbing' in man apparmor.d. If you want to support /dev/input/js on its own, then please use:
```
/dev/input/js{,[0-9]*} rw,
```
if you want only /dev/input/jsN, then the current rule is correct.
jdstrand
Mar 30, 2017
Contributor
Looking at https://github.com/torvalds/linux/blob/master/Documentation/admin-guide/devices.txt, it will always have a number, so the current rule is correct.
In reading that, please also add this for futureproof-ness:
```
/run/udev/data/c13:{[0-9],[12][0-9],3[01]} r,
```
zyga
Mar 31, 2017
Contributor
@jdstrand those numbers there are totally magic to me. I think we could use a comment that says what that is (or a link to some kernel document)
kyrofa
added some commits
Mar 30, 2017
No problem, done.
Also done.
Do the autopkgtests just need to run again, or is there a larger problem?
mvo5
reviewed
Apr 3, 2017
One question about the possibility of simplifying the interface. Otherwise looks very nice, thanks for doing this work!
| + "github.com/snapcore/snapd/snap" | ||
| +) | ||
| + | ||
| +const joystickConnectedPlugAppArmor = ` |
mvo5
Apr 3, 2017
Collaborator
Silly(?) question - but given that it appears this is only having an apparmor snippet and is otherwise a very simple interface - would it make sense to just use the commonInterface abstraction/helper here? Similar to e.g. camera.go. This way joystick.go could probably be written as:
```go
const joystickConnectedPlugAppArmor = `
/dev/input/js[0-9]* rw,
/run/udev/data/c13:{[0-9],[12][0-9],3[01]} r,
`

func NewJoystickInterface() interfaces.Interface {
	return &commonInterface{
		name:                  "joystick",
		connectedPlugAppArmor: joystickConnectedPlugAppArmor,
		reservedForOS:         true,
	}
}
```
I put a better diff here http://paste.ubuntu.com/24305321/
jdstrand
Apr 3, 2017
Contributor
@mvo5 because the CE team is committed to add the udev backend to all the interfaces that reference /dev but don't use it. Having it written this way for this new interface will help to avoid adding extra work to that effort.
kyrofa
Apr 3, 2017
Member
@jdstrand specifically instructed me to use framebuffer for reference instead of camera. I'm not 100% sure why, but suspect it has something to do with LP: #1675738. I'm sure he can clarify.
| +# Description: Allow reading and writing to joystick devices (/dev/input/js*). | ||
| + | ||
| +/dev/input/js[0-9]* rw, | ||
| +/run/udev/data/c13:{[0-9],[12][0-9],3[01]} r, |
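Review bot: The two rules cover different ranges: the udev line `c13:{[0-9],[12][0-9],3[01]}` is limited to 0-31, while `/dev/input/js[0-9]*` on the line above it is open-ended. Bound the /dev rule the same way, and add a comment saying what `c13` and the 0-31 range refer to, since neither is explained in the snippet.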
jdstrand
Apr 3, 2017
Contributor
Actually, we can do the same with /dev/input/js which I thought of over the weekend. To combine this with @zyga's request, please adjust this to be:
```
# Per https://github.com/torvalds/linux/blob/master/Documentation/admin-guide/devices.txt
# only js0-js31 is valid so limit the /dev and udev entries to those devices.
/dev/input/js{[0-9],[12][0-9],3[01]} rw,
/run/udev/data/c13:{[0-9],[12][0-9],3[01]} r,
```
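The difference between the glob rules discussed in this thread, as an added example that is not part of the PR or of snapd: a simplified translation of AppArmor path globs into Go regular expressions, run over constructed sample paths. The helper names `aareToRegexp` and `allowed` are hypothetical, and only `*`, `[...]` and `{a,b}` are handled.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// aareToRegexp translates the subset of AppArmor globbing used in this thread
// into an anchored regexp. Simplified sketch, not apparmor_parser's own logic:
// no "**", "?" or escapes, and unbalanced braces make MustCompile panic.
func aareToRegexp(aare string) *regexp.Regexp {
	var b strings.Builder
	depth := 0
	for i := 0; i < len(aare); i++ {
		c := aare[i]
		end := strings.IndexByte(aare[i:], ']')
		switch {
		case c == '*':
			b.WriteString("[^/]*") // "*" is a glob: any run of characters except "/"
		case c == '[' && end > 0:
			b.WriteString(aare[i : i+end+1]) // character class copied as is
			i += end
		case c == '{':
			depth++
			b.WriteString("(?:")
		case c == '}' && depth > 0:
			depth--
			b.WriteString(")")
		case c == ',' && depth > 0:
			b.WriteString("|") // comma separates alternatives inside braces
		default:
			b.WriteString(regexp.QuoteMeta(string(c)))
		}
	}
	return regexp.MustCompile("^" + b.String() + "$")
}

// allowed reports whether an AARE path glob covers path.
func allowed(aare, path string) bool { return aareToRegexp(aare).MatchString(path) }

func main() {
	// Constructed sample paths; js32 and js0abc are outside the js0-js31 range.
	paths := []string{"/dev/input/js0", "/dev/input/js31", "/dev/input/js32", "/dev/input/js0abc"}
	for _, rule := range []string{"/dev/input/js[0-9]*", "/dev/input/js{[0-9],[12][0-9],3[01]}"} {
		for _, p := range paths {
			fmt.Printf("%-38s %-20s %v\n", rule, p, allowed(rule, p))
		}
	}
}
```

The first rule accepts all four sample paths; the bounded rule accepts only js0 and js31, matching the 0-31 range used for the `/run/udev/data/c13:` entry.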
kyrofa commented Mar 29, 2017
This PR resolves LP: #1675871 by adding a `joystick` interface that simply allows AppArmor access to `/dev/input/js[0-9]*`.
Note that the `framebuffer` interface was heavily used for reference here, minus the udev component which seems to be in the midst of being removed. I wrote this component, but commented it out with a TODO so we don't forget to fix it as part of LP: #1675738.
Note also that this PR is conservative: this interface is not automatically connected in its present state. I don't see an immediately obvious reason this interface shouldn't be automatically connected, but I'll let the reviewers decide.