Snappy Confinement and AppArmor
Oliver Grawert
ogra at ubuntu.com
Wed Feb 25 19:09:56 UTC 2015
hi,
Am Mittwoch, den 25.02.2015, 12:44 -0600 schrieb Jamie Strandboge:
> On 02/25/2015 09:52 AM, Gustavo Niemeyer wrote:
>
> >> the package is only useful for editing files after you copied them into
> >> $HOME/apps/vim.ogra/<version>/
> >> it cant open anything outside of this dir due to confinement (unless i
> >> ship an override apparmor profile which means i cant upload to the store
> >> and have automatic landings anymore)
> >
> > That means it's somewhat of a toy. It'd be nice to have a better
> > answer for people that want to use common editors. That's actually one
> > of the very weak points I felt when using Core OS for a while.. many
> > mundane procedures based on using common tools suddenly became an
> > uncomfortable hack. It'd be great to do better on that area.
> >
> I agree and this is what comfy is intended to solve, at least in part.
right, this is why i wrote:
"that vim package is rather moot anyway, you cant really open files
anywhere but in $SNAPP_APP_USER_DATA_PATH due to the confinement. "
...a few mails above :)
that vim package was initially more to prove that you can re-purpose
node-snapper to roll you a multi arch snap within less than 20min,
which, in the end worked just fine ... I simply didn't think about
confinement when starting this and only fell into that trap later.
My expectations are probably not so far off from other outside
developers though and there is nothing in our documentation screaming in
my face "don't package an editor as snap, you wont be able to open files
anyway" ...
ciao
oli
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 173 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/snappy-devel/attachments/20150225/c70d7459/attachment.pgp>
More information about the snappy-devel
mailing list