apparmor profile for snap package
Zygmunt Krynicki
zygmunt.krynicki at canonical.com
Fri Apr 1 10:46:42 UTC 2016
Hey Marco
I'm sorry for your issues. This area will be wholly replaced by
interfaces. We will soon switch over from old apparmor/seccomp code to
one that is fully backed by interfaces. Until then there is little
point in inspecting this problem as all of the implementation is
different.
Please hold on.
Best regards
ZK
On Thu, Mar 31, 2016 at 4:49 PM, Marco Tangl <Marco.Tangl at dewetron.com> wrote:
> Hi all,
>
> unfortunately I am not able to change the apparmor profile for my generated
> snap packages, targeting snappy Core 16.04 (amd64-all-snap.img from
> 04-Feb-2016)
>
> I generated 2 snaps with different snapcraft.yaml files, and compared the
> resulting apparmor_package_profile located in
>
> /var/lib/snappy/apparmor/profiles/packagename.sideload_XXXX.
>
> Result:
>
> The file stays the same, no matter what I adjusted in my .yaml files …..
>
> ##############
>
> 1st yaml (default permissions):
>
> …
> apps:
>   my_server:
>     command: bin/my_server.sh
>     daemon: simple
>
> parts:
> …
>
> ############
>
> 2nd yaml (enhanced permissions):
>
> …
> apps:
>   my_server:
>     command: bin/my_server.sh
>     daemon: simple
>     plugs: [srv]
>
> plugs:
>   srv:
>     caps:
>       - network-listener
>       - network-service
>       - network-management
>     security-override:
>       properties:
>         read-paths:
>           - /run/udev/data/*
>           - /etc/network/interfaces.d/**
>         write-paths:
>           - /dev/ttyS0
>
> parts:
> …
>
> With the “write-paths” I want to allow my server application to access the
> serial port, not sure if this is ok that way??
>
> I just don’t want to execute the “snappy hw-assign” command on my
> destination system.
>
> Hope someone can help me further!?
>
> Many thanks in advance,
>
> Marco