apparmor profile for snap package

Zygmunt Krynicki zygmunt.krynicki at canonical.com
Fri Apr 1 10:46:42 UTC 2016


Hey Marco

I'm sorry for your issues. This area will be wholly replaced by
interfaces. We will soon switch over from old apparmor/seccomp code to
one that is fully backed by interfaces. Until then there is little
point in inspecting this problem as all of the implementation is
different.

Please hold on.

Best regards
ZK

On Thu, Mar 31, 2016 at 4:49 PM, Marco Tangl <Marco.Tangl at dewetron.com> wrote:
> Hi all,
>
>
>
> unfortunately I am not able to change the apparmor profile for my generated
> snap packages, targeting snappy Core 16.04 (amd64-all-snap.img from
> 04-Feb-2016)
>
>
>
> I generated 2 snaps with different snapcraft.yaml files, and compared the
> resulting apparmor_package_profile located in
>
> /var/lib/snappy/apparmor/profiles/packagename.sideload_XXXX.
>
>
>
> Result:
>
> The file stays the same, no matter what I adjusted in my .yaml files.
>
>
>
> ##############
>
> 1st yaml (default permissions):
>
>>
> apps:
>   my_server:
>     command: bin/my_server.sh
>     daemon: simple
>
> parts:
>
>>
>
>
> ############
>
> 2nd yaml (enhanced permissions):
>
>>
> apps:
>   my_server:
>     command: bin/my_server.sh
>     daemon: simple
>     plugs: [srv]
>
> plugs:
>   srv:
>     caps:
>       - network-listener
>       - network-service
>       - network-management
>
>     security-override:
>       properties:
>         read-paths:
>           - /run/udev/data/*
>           - /etc/network/interfaces.d/**
>         write-paths:
>           - /dev/ttyS0
>
> parts:
>
>>
>
>
> With the “write-paths” I want to allow my server application to access the
> serial port, not sure if this is ok that way?
>
> I just don’t want to execute the “snappy hw-assign” command on my
> destination system.
>
>
>
> Hope someone can help me further!?
>
> Many thanks in advance,
>
>
>
> Marco
>
>
> --
> snappy-devel mailing list
> snappy-devel at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/snappy-devel
>