Snappy Confinement and AppArmor

Alexander Sack asac at canonical.com
Wed Feb 25 14:45:21 UTC 2015


On Wed, Feb 25, 2015 at 3:38 PM, Oliver Grawert <ogra at ubuntu.com> wrote:
> On Wednesday, 25.02.2015, at 11:37 +0200, Mark Shuttleworth wrote:
>> On 23/02/15 11:17, Oliver Grawert wrote:
>> > $SNAPP_APP_USER_DATA_PATH though beware ! if your app runs as root
>> > this will be /root/apps/<pkgname>/ by default.
>>
>> Something in me is as allergic to /root/<app>/ as it is to
>> /home/ubuntu/<app>.
>>
>> Would it make sense to make the home directory for the app point to
>> /var/lib/apps/<package> when running as root? My rationale would be that
>> anything which is running as a service and writing data that is not
>> user-specific should be doing so in /var/lib/apps/<app>/. This is
>> equally true for a service running as a non-root, but non-real user, to
>> the extent we want to enable those.
>>
> my understanding was that apps (specifically desktop and enduser apps)
> would put their "dot dirs and files" for configs there. also an enduser
> app has no access to /tmp at all thanks to confinement.
>
> as i noticed with my vim package yesterday, i had to point TMPDIR to
> SNAP_APP_USER_DATA_PATH to enable vim to write its .swp files for
> recovery.
>
> i guess we need *something* where the app can write user owned tmp files
> but that indeed doesn't necessarily mean $HOME though ...

That's odd. For me .swp files are usually created right next to the
file I edit in vim and are not really temp files in the sense that
they are supposed to survive reboot etc.

Does vim also have a file in TMPDIR on top or why did you need to set
TMPDIR? afaik, we set a TMPDIR in your env to a place in /tmp; did
that not work well?

>
> i think snaps with services (vs binary apps) do not create that dir at
> all but have the environment var available (and usable if you mkdir from
> the service start script).
>
>  ciao
>         oli


