Snap security questions
Jamie Strandboge
jamie at canonical.com
Tue Feb 7 13:58:12 UTC 2017
On Wed, 2017-02-01 at 08:46 -0600, Jamie Strandboge wrote:
> On Wed, 2017-02-01 at 20:33 +0800, James Henstridge wrote:
> >
> > Hi,
> >
> > On our team we've been working to snap the thumbnailer project. While
> > there are some problems that are probably specific to this package,
> > there were a few that I suspect might affect other packages too:
> >
> > 1. Intra-snap D-Bus communication
> >
> > The thumbnailer D-Bus service exposes a number of methods that were
> > intended for use by the "thumbnailer-admin" helper program, but not by
> > outside clients. The generic "dbus" snappy interface does a good job
> > of making sure clients can't call these privileged methods, but I'm
> > left needing a way to get thumbnailer-admin working again.
> >
> > I noticed that the default AppArmor rules allow communication via unix
> > domain sockets with other apps from the same snap, so one easy way to
> > solve my problem would be to also allow applications to send and
> > receive arbitrary messages over the session bus to/from other
> > applications from the same snap. This would let me get
> > thumbnailer-admin working without having to expose the same abilities
> > to third party snaps through a slot.
> >
> > I filed a bug about this one here:
> >
> > https://bugs.launchpad.net/snappy/+bug/1659724
> >
> I was thinking about this one myself. Thanks for filing the bug. I've assigned
> it to me.
>
This is merged in trunk and will be in snapd 2.23.
--
Jamie Strandboge | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/snapcraft/attachments/20170207/6c5b2e53/attachment.sig>
More information about the Snapcraft
mailing list