Snappy Confinement and AppArmor

Jamie Strandboge jamie at canonical.com
Wed Feb 25 20:34:49 UTC 2015 

On 02/25/2015 02:14 PM, Oliver Grawert wrote:
> hi,
> 
> Am Mittwoch, den 25.02.2015, 16:23 -0300 schrieb Sergio Schvezov:
>>
>> Maybe I'm wrong and this eases the transition to desktop in the future, I 
>> don't know; but in the case of an editor, I'm not sure how to avoid manual 
>> review and blindly trust the binary at the same time.
> 
> Well, I'm not sure how we want to treat apps like libreoffice, emacs etc
> in the snappy desktop world. 
> 
> One of the biggest advantages I see in a central store and our security
> model is that everyone can upload to it without being a part of an
> exclusive elite of "ubuntu uploaders" and i.e. upload his own re-build
> of an existing app with $cool_feature enabled at build time ... will we
> have to re-view all of these changes then ? that would make the above
> advantage a moot thing ...
> 
Right, that is a key point. The only reason why apps require a manual review is
because of store policy. We have automated reviews of uploads from untrusted 3rd
party developers-- that means we have to be very strict to protect Ubuntu's
reputation, the store's reputation and the store's users.

The store could just as easily support a different policy-- if the app comes
from a trusted party, then it could have whatever confinement it wants. We
actually do this now for core apps that are shipped as clicks in the click store
(a few need special confinement but are allowed through since they are developed
by trusted developers). This is conceptually similar to treating the store like
the Ubuntu archive for certain apps with members of ubuntu-core-dev allowed to
upload to it.

For things needing wide access like editors, I imagine we might create a trusted
team ala ubuntu-core-dev and allow apps from uploaders from this team to be
allowed in.

-- 
Jamie Strandboge                 http://www.ubuntu.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/snappy-devel/attachments/20150225/8abf01fb/attachment.pgp>

More information about the snappy-devel mailing list