Fwd: Member not found

Jamie Strandboge jamie at canonical.com
Fri Oct 30 18:32:40 UTC 2015


On 10/30/2015 01:12 PM, Gábor Paller wrote:
> " Then install it and use 'snappy hw-assign' to give access to the
> device to your snap."
> 
> Is that "snappy hw-assign" necessary after every installation?
> 
On 15.04 you have two options, either use hw-assign (which is aimed at
developers) or use oem assign (which is aimed at appliance builders). If you are
interested in oem assign, you might want to take a look at the appliance builder
guide:

https://developer.ubuntu.com/en/snappy/guides/appliance-builder-guide-webcam/

The upcoming documentation updates I mentioned will also cover this in more detail.

Jamie

PS - note, hardware access is in the process of being redesigned and future
versions (eg, 16.04) of snappy will do things differently. Keep an eye on this
list for details in the coming months.

> On Fri, Oct 30, 2015 at 6:58 PM, Jamie Strandboge <jamie at canonical.com
> <mailto:jamie at canonical.com>> wrote:
> 
>     On 10/30/2015 12:08 PM, Gábor Paller wrote:
>     > "This is an old yaml format and the policy vendor and version you are using
>     > indicate this is from tools from before the 15.04 release (and there was a lot
>     > of snappy activity prior to release)."
>     >
>     > I ran the new packaging tool and it generated an apparmor file like this:
>     > {
>     >   "template": "default",
>     >   "policy_groups": [
>     >     "networking"
>     >   ],
>     >   "policy_vendor": "ubuntu-core",
>     >   "policy_version": 15.04
>     > }
>     >
>     > It would be tempting to insert my read_path and write_path statements like
>     > previously except that the packaging tool always overwrites this file whenever I
>     > generate the package.
> 
>     Right, you aren't specifying the security policy correctly. The json file you
>     are using is not how security policy is defined and you should be using the
>     meta/package.yaml file instead and remove the .apparmor files you currently have
>     (also, this intermediate json file is present for historical reasons and is
>     currently in the process of being removed).
> 
>     Eg:
> 
>     http://bazaar.launchpad.net/~snappy-dev/snappy-hub/snappy-examples/view/head:/python-xkcd-webserver/meta/package.yaml
> 
>     For your particular case, simply remove any reference to security-* or caps in
>     your binaries and services section and rebuild the snap. This will give you the
>     default policy. Then install it and use 'snappy hw-assign' to give access to the
>     device to your snap.
> 
>     > It may be the limitation of my mental capabilities but a
>     > file like this:
>     > https://github.com/ubuntu-core/snappy-testdata/blob/master/hello-dbus/package-dir-fwk/meta/svc.apparmor
>     > or this:
>     > https://github.com/ubuntu-core/snappy-testdata/blob/master/hello-dbus/package-dir-fwk/meta/svc.seccomp
>     > exceeds what I am capable of.
>     >
>     > Is there any way to modify somehow the apparmor file that is generated into my
>     > meta directory and make sure that the packaging tool does not overwrite my changes?
>     >
>     That isn't how it works for the typical cases (see above) and the URLs you gave
>     are for framework snaps with hand-crafted policy.
> 
>     It seems perhaps you are familiar with the out of date tools and instructions; I
>     recommend reading up on the latest documentation here:
> 
>     http://developer.ubuntu.com/snappy
> 
>     That should clear a lot of things up. Also, more documentation updates are
>     pending and should hit the site in the coming weeks.
> 
>     --
>     Jamie Strandboge                 http://www.ubuntu.com/
> 
> 


-- 
Jamie Strandboge                 http://www.ubuntu.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/snappy-devel/attachments/20151030/725fcc9e/attachment.pgp>


More information about the snappy-devel mailing list