Snappy Confinement and AppArmor

Gustavo Niemeyer gustavo.niemeyer at canonical.com
Wed Feb 25 15:24:59 UTC 2015


On Wed, Feb 25, 2015 at 12:01 PM, Oliver Grawert <ogra at ubuntu.com> wrote:
> it iterates over:
>
> $TMPDIR, $(pwd), /tmp
>
> if none of these is writeable it throws an error (usually $TMPDIR isn't
> set so you end up with a .$filename.swp file next to the file you
> opened ...)

The default is actually the current directory, even if TMPDIR is set:

$ vi -u NONE -s -e -c "set directory" -c q
  directory=.,~/tmp,/var/tmp,/tmp

Besides convenience, the reasoning follows asac's point: temporary
directories often point to memory or are reset on reboot, which may
render the file unaccessible in crashes, which is one of the main
reasons to have a swap file in the first place.

> that vim package is rather moot anyway, you can't really open files
> anywhere but in $SNAPP_APP_USER_DATA_PATH due to the confinement.
>
> theoretically this package would need read access to everything ... but
> even then there is the issue that once you sudo the $PATH gets changed
> and you won't find the executable anymore.

That's a case where the package functionality is useful for someone
navigating the filesystem, so as long as we can use it with root or
ubuntu, it's serving its intent I suppose.


gustavo @ http://niemeyer.net


