Fwd: Member not found

Fri Oct 30 17:58:49 UTC 2015

On 10/30/2015 12:08 PM, Gábor Paller wrote:
> "This is an old yaml format and the policy vendor and version you are using
> indicate this is from tools from before the 15.04 release (and there was a lot
> of snappy activity prior to release)."
> 
> I ran the new packaging tool and it generated an apparmor file like this:
> {
>   "template": "default",
>   "policy_groups": [
>     "networking"
>   ],
>   "policy_vendor": "ubuntu-core",
>   "policy_version": 15.04
> }
> 
> It would be tempting to insert my read_path and write_path statements like
> previously except that the packaging tool always overwrites this file whenever I
> generate the package.

Right, you aren't specifying the security policy correctly. The json file you
are using is not how security policy is defined and you should be using the
meta/package.yaml file instead and remove the .apparmor files you currently have
(also, this intermediate json file is present for historical reasons and is
currently in the process of being removed).

Eg:

http://bazaar.launchpad.net/~snappy-dev/snappy-hub/snappy-examples/view/head:/python-xkcd-webserver/meta/package.yaml

For your particular case, simply remove any reference to security-* or caps in
your binaries and services section and rebuild the snap. This will give you the
default policy. Then install it and use 'snappy hw-assign' to give access to the
device to your snap.

> It may be the limitation of my mental capabilities but a
> file like this:
> https://github.com/ubuntu-core/snappy-testdata/blob/master/hello-dbus/package-dir-fwk/meta/svc.apparmor
> or this:
> https://github.com/ubuntu-core/snappy-testdata/blob/master/hello-dbus/package-dir-fwk/meta/svc.seccomp
> exceeds what I am capable of.
> 
> Is there any way to modify somehow the apparmor file that is generated into my
> meta directory and make sure that the packaging tool does not overwrite my changes?
> 
That isn't how it works for the typical cases (see above) and the URLs you gave
are for framework snaps with hand-crafted policy.

It seems perhaps you are familiar with the out of date tools and instructions; I
recommend reading up on the latest documentation here:

http://developer.ubuntu.com/snappy

That should clear a lot of things up. Also, more documentation updates are
pending and should hit the site in the coming weeks.

-- 
Jamie Strandboge                 http://www.ubuntu.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/snappy-devel/attachments/20151030/d1f50e97/attachment.pgp>