Adding custom apparmor rules
Zygmunt Krynicki
zygmunt.krynicki at canonical.com
Mon Nov 16 21:50:45 UTC 2015
On Mon, Nov 16, 2015 at 8:22 PM, Darren Landoll
<darren.landoll at gmail.com> wrote:
>> I'm working on a capability system. It's a bit premature to offer you
>> a chance to use it (it's not there by any chance, yet) but I'm curious
>> about the specific files and why you need to read them. Could you
>> expand on that please?
>>
>
> I was trying to get read access to a PCI Ethernet card under
> /sys/devices/... for its MAC address, so I could've used hw-assign but
> I guess I wasn't sure if that could be pre-assigned via the package
> metadata and ended up going down the route of a custom apparmor
> policy.
Hi
I'm interested in knowing the answers to a few questions. Please reply
if you can:
Q: Are you writing a new application or porting existing body of code?
Q: Which files (devices) would you need to access?
Q: Which system calls do you plan to use outside of file access?
Right now the capability system is taking baby steps and networking is
still further down the line but the more I know about what people are
trying to do now, the better I will be able to help everyone out in
the end.
Best regards
ZK
More information about the snappy-app-devel
mailing list