Snappy Confinement and AppArmor

Gustavo Niemeyer gustavo.niemeyer at canonical.com
Wed Feb 25 14:49:30 UTC 2015


Only if you can write to that directory, otherwise it'll land in a
temporary directory:

$ lsof -p 30372
(...)
vi      30372 niemeyer    7u   REG              252,1    12288 5248230 /home/niemeyer/tmp/foo.txt.swp

On Wed, Feb 25, 2015 at 11:45 AM, Alexander Sack <asac at canonical.com> wrote:
> On Wed, Feb 25, 2015 at 3:38 PM, Oliver Grawert <ogra at ubuntu.com> wrote:
>> On Wednesday, 25.02.2015, at 11:37 +0200, Mark Shuttleworth wrote:
>>> On 23/02/15 11:17, Oliver Grawert wrote:
>>> > $SNAPP_APP_USER_DATA_PATH though beware ! if your app runs as root
>>> > this will be /root/apps/<pkgname>/ by default.
>>>
>>> Something in me is as allergic to /root/<app>/ as it is to
>>> /home/ubuntu/<app>.
>>>
>>> Would it make sense to make the home directory for the app point to
>>> /var/lib/apps/<package> when running as root? My rationale would be that
>>> anything which is running as a service and writing data that is not
>>> user-specific should be doing so in /var/lib/apps/<app>/. This is
>>> equally true for a service running as a non-root, but non-real user, to
>>> the extent we want to enable those.
>>>
>> my understanding was that apps (specifically desktop and enduser apps)
>> would put their "dot dirs and files" for configs there. also an enduser
>> app has no access to /tmp at all thanks to confinement.
>>
>> as i noticed with my vim package yesterday, i had to point TMPDIR to
>> SNAP_APP_USER_DATA_PATH to enable vim to write its .swp files for
>> recovery.
>>
>> i guess we need *something* where the app can write user owned tmp files
>> but that indeed doesn't necessarily mean $HOME though ...
>
> That's odd. For me .swp files are usually created right next to the
> file I edit in vim and are not really temp files in the sense that
> they are supposed to survive reboot etc.
>
> Does vim also have a file in TMPDIR on top or why did you need to set
> TMPDIR? afaik, we set a TMPDIR in your env to a place in /tmp; did
> that not work well?
>
>>
>> i think snaps with services (vs binary apps) do not create that dir at
>> all but have the environment var available (and usable if you mkdir from
>> the service start script).
>>
>>  ciao
>>         oli
>>
>>
>>
>>
>> --
>> snappy-devel mailing list
>> snappy-devel at lists.ubuntu.com
>> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snappy-devel



-- 
gustavo @ http://niemeyer.net


