exposing more of systemd to snappy packages

Jamie Strandboge jamie at canonical.com
Wed Dec 10 15:55:59 UTC 2014


On 12/10/2014 05:39 PM, Kapil Thangavelu wrote:
> At the moment we're generating systemd from package metadata.yaml (we used to
> just include unit files in the package). I assume that's so we could
> embed/generate the right invocations for AppArmor and paths. But there's quite
> a lot of functionality that packages are giving up as a result; cron/timer and
> one-off scripts come to mind. Is there any chance we can expose more of this
> back to packages, either via additional yaml translation or direct systemd conf
> sections for merge?
> 
I think exposing arbitrary direct systemd conf sections is not the approach we
should take. It is error prone, difficult to verify, potentially exposes
security issues and tightly couples the snapp to the underlying system.

While the security team initially recommended the current approach to ensure a
safe approach, it has a lot of other benefits if done right. IMO, I think we
should be looking at useful new yaml declarations for snapps.

-- 
Jamie Strandboge                 http://www.ubuntu.com/
