interfaces composition

Jamie Strandboge jamie at canonical.com
Mon Feb 13 16:02:32 UTC 2017


On Mon, 2017-02-13 at 10:56 +0100, Roberto Mier Escandón wrote:
> Hey,
> 
> Just an idea.
> In my last snap I needed the docker-support interface only for having access
> to use mknod and chroot. Compared with the big list of permissions that
> interface allows and I don't need, I wonder if we could have an internal
> kind of structure of interfaces so that there are some of them which are
> the composition of others. One snap could plug docker-support not
> knowing that it is "chroot" interface + "ptrace" interface + whatever.
> Another snap can plug the chroot interface instead since it doesn't need the
> other stuff and so on...
> 

In general, the security policy is the composition of interfaces. The default
template plus interfaces gives you your security policy. There isn't that much
overlap between the interfaces (a few seccomp calls notwithstanding, but there
are some cleanups to be had there), but there is some, because interfaces are
mostly meant to be standalone. The interfaces system is meant to be developer
friendly and 'fine-grained enough' for the functionality that is meant to be
exposed. chroot or ptrace interfaces aren't necessarily interesting on their own
because we have to ask questions like 'chroot to where?' or 'ptrace what and
how?' As such, we look at the desired functionality and go from there. Perhaps
there is something that can be added to the template or an existing interface,
perhaps it is a new interface. How that is expressed internally in snapd is an
internal implementation detail, but what we expose to developers and users is
very carefully considered.

We did just that for the docker-support interface and it is a very special
interface that is transitional and exists to make docker work at all. It's a
very specific corner-case interface that allows a lot more than what is
advertised.

The best course of action is to file bugs and/or discuss on this list the
functionality you want, then the developers can figure out how to expose it.

-- 
Jamie Strandboge             | http://www.canonical.com
