Snappy Confinement and AppArmor

Oliver Grawert ogra at ubuntu.com
Mon Feb 23 09:17:28 UTC 2015


hi,
On Monday, 23.02.2015, at 08:34 +0200, Mark Shuttleworth wrote:
> On 22/02/15 22:17, Víctor Mayoral Vilches wrote:
> > *  # Writable area*
> >
> > *  owner /home/ubuntu/   w,*
> > Which didn't work either. Could anyone point out how could i re-write the
> > snap so that it can write in /home/ubuntu directory? I presume accessing
> > hardware abstractions/files (e.g.: GPIOs) would be pretty much the same,
> > right?
> 
> AIUI apps get a place where they can write that is not tied to a
> specific user, something like:
> 
>   /var/lib/snappy/<app>/
> 
> That would be preferable to a default user like 'ubuntu'.

seems our developer guide [1] needs updating. it points to /var/apps ...
currently.

the correct path is /var/lib/apps/<pkgname>/ <version>/  this path is
exported into your environment as: 

$SNAPP_APP_DATA_PATH ...

the guide points also to: 

/home/<user>/apps/<pkgname>/current/

of which i have no clue whether it works; i haven't touched anything
that needs user side configuration in snappy yet. but the
environment points to this dir with:

$SNAPP_APP_USER_DATA_PATH

though beware! if your app runs as root this will
be /root/apps/<pkgname>/ by default.

you can use both vars from your service startup script to do anything
with data in them ... if you want to see all your environment just add
the following line to one of your start scripts and restart the service:

env >$SNAPP_APP_DATA_PATH/env.log 

ciao
	oli

[1] https://developer.ubuntu.com/en/snappy/#snap-developers
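
Added example, not part of the original message: a guarded form of the `env >$SNAPP_APP_DATA_PATH/env.log` debugging line for a service start script. It refuses an unset or relative data path (which would otherwise resolve to `/env.log`, outside the app's writable area) and keeps the dump owner-readable only. The function names are hypothetical; the variable name is the one given in the message.

```shell
#!/bin/sh
# Added example, not from the original message. Function names are hypothetical;
# SNAPP_APP_DATA_PATH is the variable name as given in the message.

# Succeed only if $1 is an absolute path to an existing, writable directory.
# An unset or empty value must be rejected: "$VAR/env.log" would otherwise
# expand to "/env.log", outside the app's writable area.
check_data_dir() {
    dir=${1:-}
    case $dir in
        /*) ;;
        *)  echo "data path unset or not absolute: '$dir'" >&2; return 1 ;;
    esac
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    [ -w "$dir" ] || { echo "not writable: $dir" >&2; return 1; }
}

# Write the environment to <dir>/env.log, readable by the owner only
# (a service environment can carry tokens or passwords), and print the path.
dump_env() {
    check_data_dir "${1:-}" || return 1
    log=$1/env.log
    if [ -L "$log" ]; then
        echo "refusing to write through symlink: $log" >&2
        return 1
    fi
    ( umask 077; env > "$log" ) || return 1
    chmod 600 "$log" || return 1
    printf '%s\n' "$log"
}

# In a service start script:
dump_env "${SNAPP_APP_DATA_PATH:-}" || echo "env dump skipped" >&2
```

Remove the dump once debugging is done, since it persists in the data directory across service restarts.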



