Snappy capability types and attributes

John Lenton john.lenton at canonical.com
Tue Nov 17 17:02:22 UTC 2015


On 17 November 2015 at 16:44, Zygmunt Krynicki
<zygmunt.krynicki at canonical.com> wrote:
> On Tue, Nov 17, 2015 at 5:32 PM, John Lenton <john.lenton at canonical.com> wrote:
>> On 17 November 2015 at 15:11, Zygmunt Krynicki
>> <zygmunt.krynicki at canonical.com> wrote:
>>> 2. The second reason is that REST API is currently not something you
>>> can directly access. For most intents and purposes it's not "public"
>>
>> This isn't exactly true, though; all you need is something that knows
>> how to talk http over a unix socket. e.g.,
>
> Well, that sudo is something of a security loophole.

not a loophole per se; right now the socket is 0600 root:root. When
snapd learns to use SO_PEERCRED we can relax that so that regular
users can do non-privileged operations, but privileged operations will
always require admin access. Manipulating capabilities is privileged,
right?

> My point was that it's not _meant_ to be accessed by every snap on the
> system and we'll probably grant special capability to select
> applications to let them actually open that socket to begin with.

Yes. That already exists; http.chipaca has the 'snapd' capability
(otherwise it wouldn't work).
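The SO_PEERCRED check described above, as an added example that is not snapd's code: a Unix-socket daemon asks the kernel for the connecting process's credentials and lets only uid 0 perform privileged operations, while anyone who can reach the socket may perform unprivileged ones. The operation names and which of them count as privileged are assumptions for illustration; SO_PEERCRED is Linux-specific.

```python
import os
import socket
import struct

# Assumed split for this example: capability manipulation is privileged,
# read-only queries are not (the daemon's real operation set is not shown here).
PRIVILEGED_OPS = {"add_capability", "remove_capability", "install"}
UNPRIVILEGED_OPS = {"list_packages", "get_capability"}


def peer_credentials(conn):
    """Return (pid, uid, gid) of the process on the other end of a Unix socket.

    The kernel fills in struct ucred (three 32-bit ints on Linux) for
    SO_PEERCRED; the peer cannot forge it, unlike anything in the request body.
    """
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    pid, uid, gid = struct.unpack("3i", raw)
    return pid, uid, gid


def authorize(op, uid):
    """Allow unprivileged ops for any caller, privileged ops for root only."""
    if op in UNPRIVILEGED_OPS:
        return True
    if op in PRIVILEGED_OPS:
        return uid == 0
    return False  # unknown operation: deny by default


def handle(conn, op):
    """Gate a request on the kernel-reported uid, not on anything the client claims."""
    _pid, uid, _gid = peer_credentials(conn)
    return "200 ok" if authorize(op, uid) else "403 forbidden"


def demo():
    # A socketpair stands in for a client connecting to the daemon's listening
    # socket; both ends are this process, so the peer uid is our own uid.
    server_side, client_side = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        results = {op: handle(server_side, op) for op in ("list_packages", "add_capability", "bogus")}
        results["peer_uid_is_self"] = peer_credentials(server_side)[1] == os.getuid()
    finally:
        server_side.close()
        client_side.close()
    return results


if __name__ == "__main__":
    print(demo())
```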
