Fwd: Member not found

Gábor Paller gaborpaller at gmail.com
Fri Oct 30 18:12:05 UTC 2015


" Then install it and use 'snappy hw-assign' to give access to the
device to your snap."

Is that "snappy hw-assign" necessary after every installation?

On Fri, Oct 30, 2015 at 6:58 PM, Jamie Strandboge <jamie at canonical.com>
wrote:

> On 10/30/2015 12:08 PM, Gábor Paller wrote:
> > "This is an old yaml format and the policy vendor and version you are
> using
> > indicate this is from tools from before the 15.04 release (and there was
> a lot
> > of snappy activity prior to release)."
> >
> > I ran the new packaging tool and it generated an apparmor file like this:
> > {
> >   "template": "default",
> >   "policy_groups": [
> >     "networking"
> >   ],
> >   "policy_vendor": "ubuntu-core",
> >   "policy_version": 15.04
> > }
> >
> > It would be tempting to insert my read_path and write_path statements
> like
> > previously except that the packaging tool always overwrites this file
> whenever I
> > generate the package.
>
> Right, you aren't specifying the security policy correctly. The json file
> you
> are using is not how security policy is defined and you should be using the
> meta/package.yaml file instead and remove the .apparmor files you
> currently have
> (also, this intermediate json file is present for historical reasons and is
> currently in the process of being removed).
>
> Eg:
>
>
> http://bazaar.launchpad.net/~snappy-dev/snappy-hub/snappy-examples/view/head:/python-xkcd-webserver/meta/package.yaml
>
> For your particular case, simply remove any reference to security-* or
> caps in
> your binaries and services section and rebuild the snap. This will give
> you the
> default policy. Then install it and use 'snappy hw-assign' to give access
> to the
> device to your snap.
>
> > It may be the limitation of my mental capabilities but a
> > file like this:
> >
> https://github.com/ubuntu-core/snappy-testdata/blob/master/hello-dbus/package-dir-fwk/meta/svc.apparmor
> > or this:
> >
> https://github.com/ubuntu-core/snappy-testdata/blob/master/hello-dbus/package-dir-fwk/meta/svc.seccomp
> > exceeds what I am capable of.
> >
> > Is there any way to modify somehow the apparmor file that is generated
> into my
> > meta directory and make sure that the packaging tool does not overwrite
> my changes?
> >
> That isn't how it works for the typical cases (see above) and the URLs you
> gave
> are for framework snaps with hand-crafted policy.
>
> It seems perhaps you are familiar with the out of date tools and
> instructions; I
> recommend reading up on the latest documentation here:
>
> http://developer.ubuntu.com/snappy
>
> That should clear a lot of things up. Also, more documentation updates are
> pending and should hit the site in the coming weeks.
>
> --
> Jamie Strandboge                 http://www.ubuntu.com/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/snappy-devel/attachments/20151030/46f30fb5/attachment-0001.html>


More information about the snappy-devel mailing list