Snappy Confinement and AppArmor

Oliver Grawert ogra at ubuntu.com
Wed Feb 25 15:38:33 UTC 2015


On Wednesday, 25.02.2015, at 12:24 -0300, Gustavo Niemeyer wrote:
> On Wed, Feb 25, 2015 at 12:01 PM, Oliver Grawert <ogra at ubuntu.com> wrote:
> > it iterates over:
> >
> > $TMPDIR, $(pwd), /tmp
> >
> > if none of these is writeable it throws an error (usually $TMPDIR isn't
> > set so you end up with a .$filename.swp file next to the file you
> > opened ...)
> 
> The default is actually the current directory, even if TMPDIR is set:
> 
> $ vi -u NONE -s -e -c "set directory" -c q
>   directory=.,~/tmp,/var/tmp,/tmp

it iterates over the TEMPDIRNAMES macro if you haven't defined it in
vimrc ...

from the vim source (os_unix_defs.h):

# define TEMPDIRNAMES "$TMPDIR", "/tmp", ".", "$HOME"


> 
> Besides convenience, the reasoning follows asac's point: temporary
> directories often point to memory or are reset on reboot, which may
> render the file unaccessible in crashes, which is one of the main
> reasons to have a swap file in the first place.
> 
> > that vim package is rather moot anyway, you can't really open files
> > anywhere but in $SNAPP_APP_USER_DATA_PATH due to the confinement.
> >
> > theoretically this package would need read access to everything ... but
> > even then there is the issue that once you sudo the $PATH gets changed
> > and you won't find the executable anymore.
> 
> That's a case where the package functionality is useful for someone
> navigating the filesystem, so as long as we can use it with root or
> ubuntu, it's serving its intent I suppose.
> 

the package is only useful for editing files after you copied them into
$HOME/apps/vim.ogra/<version>/ 
it can't open anything outside of this dir due to confinement (unless I
ship an override apparmor profile which means I can't upload to the store
and have automatic landings anymore)

ciao
	oli




More information about the snappy-devel mailing list