Snappy Confinement and AppArmor

Gustavo Niemeyer gustavo.niemeyer at canonical.com
Wed Feb 25 15:52:47 UTC 2015


On Wed, Feb 25, 2015 at 12:38 PM, Oliver Grawert <ogra at ubuntu.com> wrote:
> On Wednesday, 25.02.2015, at 12:24 -0300, Gustavo Niemeyer wrote:
>> On Wed, Feb 25, 2015 at 12:01 PM, Oliver Grawert <ogra at ubuntu.com> wrote:
>> > it iterates over:
>> >
>> > $TMPDIR, $(pwd), /tmp
>> >
>> > if none of these is writeable it throws an error (usually $TMPDIR isn't
>> > set so you end up with a .$filename.swp file next to the file you
>> > opened ...)
>>
>> The default is actually the current directory, even if TMPDIR is set:
>>
>> $ vi -u NONE -s -e -c "set directory" -c q
>>   directory=.,~/tmp,/var/tmp,/tmp
>
> it iterates over the TEMPDIRNAMES macro if you haven't defined it in
> vimrc ...

-u NONE disables vimrc and plugins.

> from the vim source (os_unix_defs.h):
>
> # define TEMPDIRNAMES "$TMPDIR", "/tmp", ".", "$HOME"

src/os_unix.h:#   define DFLT_DIR     ".,~/tmp,/var/tmp,/tmp" /* default for 'directory' */

> the package is only useful for editing files after you copied them into
> $HOME/apps/vim.ogra/<version>/
> it can't open anything outside of this dir due to confinement (unless i
> ship an override apparmor profile which means i can't upload to the store
> and have automatic landings anymore)

That means it's somewhat of a toy. It'd be nice to have a better
answer for people that want to use common editors. That's actually one
of the very weak points I felt when using Core OS for a while.. many
mundane procedures based on using common tools suddenly became an
uncomfortable hack. It'd be great to do better on that area.


gustavo @ http://niemeyer.net


