UBports Robot Logo UBports Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    Get an app to manage SSH, grant permission to use `/bin/sh`

    Scheduled Pinned Locked Moved App Development
    2 Posts 2 Posters 283 Views 1 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
      Reply
      • Reply as topic
      Log in to reply
      This topic has been deleted. Only users with topic management privileges can see it.
      • A Offline
        amazones
        last edited by

        How can I start and stop SSH in my clickable app? I'm using Python+QML, and I want to simply execute /etc/init.d/ssh start in shell, but I get the following error:

        Jul 01 12:47:53 ubuntu-phablet aa-exec[7215]: PermissionError: [Errno 13] Permission denied: '/bin/sh'

        How can I give my app access to the /bin/sh? Should I give it some special apparmor permission? I tried to add "template": "unconfined" to my apparmor file, but it doesn't let me do that and dies on me during build:

        Errors
------
 - security:template_valid:sshhelper.apparmor
        (NEEDS REVIEW) 'unconfined' not allowed
        http://askubuntu.com/q/671403

        Here's my app code, it's just straight up Python template with simple function to call shell commands:

        ## ssh.py
import subprocess
def execute_shell_command(command):
    process = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    output, error = process.communicate()
    return output.decode('utf-8'), error.decode('utf-8'), process.returncode

        // main.qml
import QtQuick 2.7
import Lomiri.Components 1.3
import QtQuick.Layouts 1.3
import Qt.labs.settings 1.0
import io.thp.pyotherside 1.4

MainView {
    id: root
    objectName: 'mainView'
    applicationName: 'test'
    automaticOrientation: true

    width: units.gu(45)
    height: units.gu(75)

    Page {
        anchors.fill: parent

        header: PageHeader {
            id: header
            title: i18n.tr('SSH Helper')
        }

        Label {
            anchors {
                top: header.bottom
                left: parent.left
                right: parent.right
                bottom: parent.bottom
            }
            text: i18n.tr('Check the logs!')

            verticalAlignment: Label.AlignVCenter
            horizontalAlignment: Label.AlignHCenter
        }
    }

    Python {
        id: python

        Component.onCompleted: {
            addImportPath(Qt.resolvedUrl('../src/'));

            importModule('ssh', function() {
                console.log('module imported');
                python.call('ssh.execute_shell_command', ['/etc/init.d/ssh start'], function(returnValue) {
                    console.log('the command returned ' + returnValue);
                })
            });
        }

        onError: {
            console.log('python error: ' + traceback);
        }
    }
}
        1 Reply Last reply Reply Quote 0
        • L Offline
          lkroll
          last edited by

          To spawn a shell the app needs to be unconfined afaik.
          You can accept the error by adding --accept-review-errors to your clickable command and see if it works.

          Keep in mind that unconfined apps need to be reviewed before they can be submitted to the OpenStore.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post