Ubuntu Core: how the file-system works

Luca Dionisi luca.dionisi at gmail.com
Fri Jan 20 17:15:17 UTC 2017


On Fri, Jan 20, 2017 at 5:33 PM, Mark Shuttleworth <mark at ubuntu.com> wrote:
> On 20/01/17 08:03, Luca Dionisi wrote:
>> If I understand it correctly, an unconfined app will be able in the system
>> to do whatever my standard user would be able to. For instance, if I
>> log into my ubucore16 (the name of my KVM instance) and issue:
>>  sudo sysctl net.ipv4.ip_forward=1
>>     -or-
>>  sudo ip address add 10.0.0.10 dev eth0
>> it reports success. Thus, if I run an unconfined app which tries to do the
>> same it will succeed. Whilst a strictly confined app would not, if it is
>> not hooked to a certain capability.
>> So far, so good?
>
> Ubuntu Core is confined-snaps-only. Ubuntu Classic allows less confined
> snaps.
>
> The commands you're wanting to run should be fine, though, with the
> right interfaces in place for your confined snap on Ubuntu Core. I think
> you meant that when you said 'hooked for a certain capability'. The
> devmode confinement should also be a useful workaround in your
> development process.

Ok.

On Fri, Jan 20, 2017 at 5:18 PM, Oliver Grawert <ogra at ubuntu.com> wrote:
> the firewall interface gives you access to the kernel firewall
> features, your snap would ship the necessary user space tools for this
> and run them in the snap. the interface will be the same on all snap
> based systems (pretty much like ufw builds in iptables, ipset in the
> snap [1])

I think I got it. So I will continue to use g_spawn_async_with_pipes
in my code. But I will prepare the snap file so that when installed on
Ubuntu Core (or snap based system) it will work even in confined mode.
Also, it will have the exact version of the userspace tools that I will
choose to ship.

====

So, going back to my first issue. I would like to be able to create
routing table names on Ubuntu Core. To my knowledge this should be
done by writing to the rt_tables file, and it is currently impossible.
Should I consider filing a bug?

--Luca



