daemon ordering
Gustavo Niemeyer
gustavo at niemeyer.net
Thu Feb 2 13:50:09 UTC 2017
Is there any particular missing feature you're blocked on today? Can you
please provide a bit more detail about that particular case?
We'd be happy to work through that with you and make sure you're not
blocked.
On Wed, Feb 1, 2017 at 6:29 PM, Howard Cochran <
howard at badger-technologies.com> wrote:
> On Wed, Feb 1, 2017 at 2:02 PM, Gustavo Niemeyer <gustavo at niemeyer.net>
> wrote:
> >
> > Such embedded devices are still computers on the network. We'll all be
> much
> > better off if they are running their applications confined and secured.
> >
> > That said, we understand that it takes some time and effort until most
> > software is properly confined, which is why we support snaps with classic
> > and devmode confinement.
> >
> > Even there, though, we're keen to ensure that the general model supports
> a
> > comfortable migration towards proper confinement, as that's where we'll
> all
> > want to be in the end, so we shouldn't just go loose and implement
> features
> > that we know will break confinement unnecessarily.
>
> Those are all very good points, and I agree with them. It appears, to
> me, though, that systemd has many features that can enhance
> confinement and/or tailor it in very targeted ways. It would be nice
> to be able to leverage those features. And many of its directives
> don't break confinement (especially some very common ones like
> Condition* and ExecStartPre/Post, Before, After, PartOf, Wants,
> Conflicts, RuntimeDirectory, and others. Perhaps snapcraft could have
> a whitelist of allowed directives when confinement mode is strict?
>
> Thanks,
> Howard
>
> --
> Snapcraft mailing list
> Snapcraft at lists.snapcraft.io
> Modify settings or unsubscribe at: https://lists.ubuntu.com/
> mailman/listinfo/snapcraft
>
--
gustavo @ http://niemeyer.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/snapcraft/attachments/20170202/1649718e/attachment.html>
More information about the Snapcraft
mailing list