Snappy Confinement and AppArmor

Oliver Grawert ogra at ubuntu.com
Wed Feb 25 20:14:40 UTC 2015


hi,

On Wednesday, 25.02.2015 at 16:23 -0300, Sergio Schvezov wrote:
> 
> DISCLAIMER: These are just my thoughts and can be totally discarded.
am I allowed to not discard them too ? ;) 

> 
> I know some people want to bring the whole debian/ubuntu archive over to 
> snaps, but for product building, do you really need some of these tools? In 
> cloud perhaps and that should be solved by comfy as Jamie mentions.
this was a totally spontaneous thing ...

when I ended my workday yesterday I took a final look in the #snappy
channel where someone asked why vim isn't included (I told him about vi
but he wants the full bells and whistles) ...

we got into a conversation about how hard/easy it is to roll snaps ...
and while we had that conversation I rolled the vim snap on the side,
this wasn't a planned thing and I definitely don't aim for bringing all
debs to snappy ... I knew from my try to package htop before that I
can't access system critical dirs ... I wasn't aware that I can't access
anything at all (beyond the $SNAP_APP_* dirs) before I tried it though,
else I would not have started rolling that snap :) 

in the end I think it wasn't bad at all since it stirred up some useful
conversations :) 

> Maybe I'm wrong and this eases the transition to desktop in the future, I 
> don't know; but in the case of an editor, I'm not sure how to avoid manual 
> review and blindly trust the binary at the same time.

Well, I'm not sure how we want to treat apps like libreoffice, emacs etc
in the snappy desktop world. 

One of the biggest advantages I see in a central store and our security
model is that everyone can upload to it without being a part of an
exclusive elite of "ubuntu uploaders" and i.e. upload his own re-build
of an existing app with $cool_feature enabled at build time ... will we
have to review all of these changes then ? that would make the above
advantage a moot thing ...

what will our story for (non unity8) desktop apps actually be in the
end ? 

ciao
	oli