Snappy Confinement and AppArmor

Oliver Grawert ogra at
Wed Feb 25 15:38:33 UTC 2015

Am Mittwoch, den 25.02.2015, 12:24 -0300 schrieb Gustavo Niemeyer:
> On Wed, Feb 25, 2015 at 12:01 PM, Oliver Grawert <ogra at> wrote:
> > it iterates over:
> >
> > $TMPDIR, $(pwd), /tmp
> >
> > if non of these is writeable it throws an error (usually $TMPDIR isnt
> > set so you end up with a .$filename.swp file next to the file you
> > opened ...)
> The default is actually the current directory, even if TMPDIR is set:
> $ vi -u NONE -s -e -c "set directory" -c q
>   directory=.,~/tmp,/var/tmp,/tmp

it iterates over the TEMPDIRNAMES macro if you havent defined it in
vimrc ...

from the vim source (os_unix_defs.h):

# define TEMPDIRNAMES "$TMPDIR", "/tmp", ".", "$HOME"

> Besides convenience, the reasoning follows asac's point: temporary
> directories often point to memory or are reset on reboot, which may
> render the file unaccessible in crashes, which is one of the main
> reasons to have a swap file in the first place.
> > that vim package is rather moot anyway, you cant really open files
> > anywhere but in $SNAPP_APP_USER_DATA_PATH due to the confinement.
> >
> > theoretically this package would need read access to everything ... but
> > even then there is the issue that once you sudo the $PATH gets changed
> > and you wont find the executable anymore.
> That's a case where the package functionality is useful for someone
> navigating the filesystem, so as long as we can use it with root or
> ubuntu, it's serving its intent I suppose.

the package is only useful for editing files after you copied them into
it cant open anything outside of this dir due to confinement (unless i
ship an override apparmor profile which means i cant upload to the store
and have automatic landings anymore)


More information about the snappy-devel mailing list