Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

agl-service-unicens: access denied when opening character devices

Description

After booting master image (nightly build from 1st June 2019), the "agl-service-unicens" cannot open/read/write the required character devices (rx=/dev/inic-usb-crx, tx=/dev/inic-usb-ctx).

The logs say that access is denied. 

// code placeholder m3ulcb:~# journalctl -b | grep 3455 Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: ------BEGIN OF CONFIG----- Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: -- { Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: -- "name": "afbd-agl-service-unicens@0.1-b79d0ef", Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: -- "rootdir": "/var/local/lib/afm/applications/agl-service-unicens/0.1-b79d0ef", Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: -- "workdir": "/tmp", Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: -- "monitoring": true, Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: -- "port": 31025, Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: -- "token": "HELLO", Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: -- "roothttp": ".", Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: -- "binding": [ Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: -- "/var/local/lib/afm/applications/agl-service-unicens/0.1-b79d0ef/lib/afb-ucs2.so" Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: -- ], Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: -- "ws-server": [ Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: -- "sd:unicens" Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: -- ], Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: -- "apitimeout": 20, Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: -- "cache-eol": 100000, Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: -- "cntxtimeout": 32000000, Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: -- "session-max": 200, Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: -- "uploaddir": ".", Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: -- "rootbase": "/opa", Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: -- "rootapi": "/api", Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: -- "ldpaths": [ Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: -- "/usr/lib/afb" Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: -- ], Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: -- "alias": [ Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: -- "/monitoring:/usr/lib/afb/monitoring" Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: -- ] Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: -- } Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: ------END OF CONFIG----- Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: INFO: running with pid 3455 [/xdt/workspace/m3_build/tmp/work/aarch64-agl-linux/af-binder/master+gitAUTOINC+5026438e90-r0/git/src/main-afb-daemon.c:934,main] Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: INFO: API monitor added [/xdt/workspace/m3_build/tmp/work/aarch64-agl-linux/af-binder/master+gitAUTOINC+5026438e90-r0/git/src/afb-apiset.c:505,afb_apiset_add]>>>>> Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: NOTICE: Can't connect supervision socket to @urn:AGL:afs:supervision:socket: Connection refused [/xdt/workspace/m3_build/tmp/work/aarch64-agl-linux/af-binder/master+gitAUTOINC+5026438e90-r0/git/src/afb-supervision.c:171,try_connect_supervisor] Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: INFO: Supervision received a SIGHUP [/xdt/workspace/m3_build/tmp/work/aarch64-agl-linux/af-binder/master+gitAUTOINC+5026438e90-r0/git/src/afb-supervision.c:240,on_sighup] Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: INFO: Try to connect supervisor after SIGHUP [/xdt/workspace/m3_build/tmp/work/aarch64-agl-linux/af-binder/master+gitAUTOINC+5026438e90-r0/git/src/afb-supervision.c:234,try_connect_supervisor_job] Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: INFO: binding [/var/local/lib/afm/applications/agl-service-unicens/0.1-b79d0ef/lib/afb-ucs2.so] looks like an AFB binding V2 [/xdt/workspace/m3_build/tmp/work/aarch64-agl-linux/af-binder/master+gitAUTOINC+5026438e90-r0/git/src/afb-api-so-v2.c:198,afb_api_so_v2_add] Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: INFO: API UNICENS added [/xdt/workspace/m3_build/tmp/work/aarch64-agl-linux/af-binder/master+gitAUTOINC+5026438e90-r0/git/src/afb-apiset.c:505,afb_apiset_add] Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: INFO: binding UNICENS added to set main [/xdt/workspace/m3_build/tmp/work/aarch64-agl-linux/af-binder/master+gitAUTOINC+5026438e90-r0/git/src/afb-api-so-v2.c:178,afb_api_so_v2_add_binding] Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: INFO: Scanning dir=[/usr/lib/afb] for bindings [/xdt/workspace/m3_build/tmp/work/aarch64-agl-linux/af-binder/master+gitAUTOINC+5026438e90-r0/git/src/afb-api-so.c:176,adddirs] Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: INFO: Scanning dir=[/usr/lib/afb/monitoring] for bindings [/xdt/workspace/m3_build/tmp/work/aarch64-agl-linux/af-binder/master+gitAUTOINC+5026438e90-r0/git/src/afb-api-so.c:176,adddirs] Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: NOTICE: API monitor starting... [/xdt/workspace/m3_build/tmp/work/aarch64-agl-linux/af-binder/master+gitAUTOINC+5026438e90-r0/git/src/afb-apiset.c:787,start_api] Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: INFO: API monitor started [/xdt/workspace/m3_build/tmp/work/aarch64-agl-linux/af-binder/master+gitAUTOINC+5026438e90-r0/git/src/afb-apiset.c:806,start_api] Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: NOTICE: API UNICENS starting... [/xdt/workspace/m3_build/tmp/work/aarch64-agl-linux/af-binder/master+gitAUTOINC+5026438e90-r0/git/src/afb-apiset.c:787,start_api] Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: NOTICE: [API UNICENS] AFM_APP_INSTALL_DIR is: /var/local/lib/afm/applications/agl-service-unicens/0.1-b79d0ef [/xdt/workspace/m3_build/tmp/work/aarch64-agl-linux/agl-service-unicens/0.1+gitAUTOINC+22ada57cea-r0/git/ucs2-afb/ucs_binding.c:374,GetDefaultConfig] Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: NOTICE: [API UNICENS] Default configuration: /var/local/lib/afm/applications/agl-service-unicens/0.1-b79d0ef/var/config_multichannel_audio_kit.xml [/xdt/workspace/m3_build/tmp/work/aarch64-agl-linux/agl-service-unicens/0.1+gitAUTOINC+22ada57cea-r0/git/ucs2-afb/ucs_binding.c:380,GetDefaultConfig] Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: NOTICE: [API UNICENS] AUTO-LOAD configuration: /var/local/lib/afm/applications/agl-service-unicens/0.1-b79d0ef/var/config_multichannel_audio_kit.xml [/xdt/workspace/m3_build/tmp/work/aarch64-agl-linux/agl-service-unicens/0.1+gitAUTOINC+22ada57cea-r0/git/ucs2-afb/ucs_binding.c:795,ucs2_initbinding] Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: NOTICE: [API UNICENS] Parsing result: 10 Nodes, 11 Scripts, Ethernet Bandwith 20 bytes = 7.68 MBit/s [/xdt/workspace/m3_build/tmp/work/aarch64-agl-linux/agl-service-unicens/0.1+gitAUTOINC+22ada57cea-r0/git/ucs2-afb/ucs_binding.c:419,ParseFile]>>>>> Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: ERROR: [API UNICENS] Fail to initialise device [rx=/dev/inic-usb-crx tx=/dev/inic-usb-ctx] [/xdt/workspace/m3_build/tmp/work/aarch64-agl-linux/agl-service-unicens/0.1+gitAUTOINC+22ada57cea-r0/git/ucs2-afb/ucs_binding.c:444,StartConfiguration] Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: NOTICE: [API UNICENS] AUTO-LOAD failed [/xdt/workspace/m3_build/tmp/work/aarch64-agl-linux/agl-service-unicens/0.1+gitAUTOINC+22ada57cea-r0/git/ucs2-afb/ucs_binding.c:799,ucs2_initbinding] Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: INFO: API UNICENS started [/xdt/workspace/m3_build/tmp/work/aarch64-agl-linux/af-binder/master+gitAUTOINC+5026438e90-r0/git/src/afb-apiset.c:806,start_api] Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: INFO: Alias for url=/monitoring to path=/usr/lib/afb/monitoring [/xdt/workspace/m3_build/tmp/work/aarch64-agl-linux/af-binder/master+gitAUTOINC+5026438e90-r0/git/src/main-afb-daemon.c:299,init_alias] Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: NOTICE: Waiting port=31025 rootdir=/var/local/lib/afm/applications/agl-service-unicens/0.1-b79d0ef [/xdt/workspace/m3_build/tmp/work/aarch64-agl-linux/af-binder/master+gitAUTOINC+5026438e90-r0/git/src/main-afb-daemon.c:382,start_http_server] Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: NOTICE: Browser URL= http://localhost:31025 [/xdt/workspace/m3_build/tmp/work/aarch64-agl-linux/af-binder/master+gitAUTOINC+5026438e90-r0/git/src/main-afb-daemon.c:383,start_http_server] Jun 28 22:12:47 m3ulcb afbd-agl-service-unicens@0.1-b79d0ef[3455]: NOTICE: Listening interface *:31025 [/xdt/workspace/m3_build/tmp/work/aarch64-agl-linux/af-binder/master+gitAUTOINC+5026438e90-r0/git/src/afb-hsrv.c:557,hsrv_itf_connect]>>>>> Jul 02 07:44:31 m3ulcb audit[3710]: AVC lsm=SMACK fn=smack_inode_getattr action=denied subject="User::App::agl-service-taskmanager" object="User::App::agl-service-unicens" requested=r pid=3710 comm="afbd-agl-servic" path="/proc/3455" dev="proc" ino=8115 Jul 02 07:44:32 m3ulcb audit[3710]: AVC lsm=SMACK fn=smack_inode_getattr action=denied subject="User::App::agl-service-taskmanager" object="User::App::agl-service-unicens" requested=r pid=3710 comm="afbd-agl-servic" path="/proc/3455" dev="proc" ino=8115 Jul 02 07:44:33 m3ulcb audit[3710]: AVC lsm=SMACK fn=smack_inode_getattr action=denied subject="User::App::agl-service-taskmanager" object="User::App::agl-service-unicens" requested=r pid=3710 comm="afbd-agl-servic" path="/proc/3455" dev="proc" ino=8115 Jul 02 07:44:34 m3ulcb audit[3710]: AVC lsm=SMACK fn=smack_inode_getattr action=denied subject="User::App::agl-service-taskmanager" object="User::App::agl-service-unicens" requested=r pid=3710 comm="afbd-agl-servic" path="/proc/3455" dev="proc" ino=8115 Jul 02 07:44:37 m3ulcb audit[3710]: AVC lsm=SMACK fn=smack_inode_getattr action=denied subject="User::App::agl-service-taskmanager" object="User::App::agl-service-unicens" requested=r pid=3710 comm="afbd-agl-servic" path="/proc/3455" dev="proc" ino=8115 Jul 02 07:44:38 m3ulcb audit[3710]: AVC lsm=SMACK fn=smack_inode_getattr action=denied subject="User::App::agl-service-taskmanager" object="User::App::agl-service-unicens" requested=r pid=3710 comm="afbd-agl-servic" path="/proc/3455" dev="proc" ino=8115 Jul 02 07:44:39 m3ulcb audit[3710]: AVC lsm=SMACK fn=smack_inode_getattr action=denied subject="User::App::agl-service-taskmanager" object="User::App::agl-service-unicens" requested=r pid=3710 comm="afbd-agl-servic" path="/proc/3455" dev="proc" ino=8115 Jul 02 07:44:40 m3ulcb audit[3710]: AVC lsm=SMACK fn=smack_inode_getattr action=denied subject="User::App::agl-service-taskmanager" object="User::App::agl-service-unicens" requested=r pid=3710 comm="afbd-agl-servic" path="/proc/3455" dev="proc" ino=8115

The issue is seen on master. Guppy seems to work fine.

 

 

Environment

Master / m3ulcb

Activity

Walt Miner 
July 30, 2019 at 9:38 PM

Close for HH 8.0.0 release

Tobias Jahnke 
July 4, 2019 at 3:00 PM

I created an extra ticket for the Protocol Error. I can confirm that it is sporadic.

Tobias Jahnke 
July 4, 2019 at 12:43 PM

, you are right. Adding the udev rules and adding the 'audio' permission fixes it.

I temporary fixed it by modifying the unit "/usr/local/lib/systemd/system/afm-service-agl-service-unicens--0.1-b79d0ef–main.service", assigning to group 'audio'.

Thank you for the investigation.

Scott Murray 
July 4, 2019 at 11:02 AM

With respect to the "Failed with result 'protocol'." systemd error, it went away when I turned on systemd debug logging, suggesting a race condition of some kind.  I'll upload the udev and config.xml.in changes since they seem required as a start.

Scott Murray 
July 4, 2019 at 9:17 AM

, see my comment above, the rules I listed plus adding the audio permission to the config.xml.in do allow agl-service-unicens to start if it's poked with systemctl after booting.

Fixed

Details

Assignee

Reporter

Fix versions

Labels

Contract ID

Hardware Platform(s) Affected

Renesas M3

Components

Affects versions

Priority

Created July 2, 2019 at 11:50 AM
Updated September 19, 2019 at 12:06 PM
Resolved July 9, 2019 at 9:10 PM

Flag notifications