how to add extra permissions to a snap?
Sergio Schvezov
sergio.schvezov at canonical.com
Wed May 4 12:49:22 UTC 2016
El 04/05/16 a las 09:44, Yann Sionneau escribió:
> Hello,
Hello
> Follow up from a call with Pedro Coca and Didier Roche, I'm sending my
> question on the mailing list as agreed:
>
> On an IoT device, in the situation of a branded store (so not the main
> public one), how can I do snaps for my device that have special extra
> rights?
> Is it already planned how to achieve this? If yes how? If no can this be
> planned?
>
> By extra rights, I mean adding access to extra syscalls (others from
> those already granted in network and otheralready existing interfaces),
> or read_paths or write_paths, kind of like what was possible before with
> unconfined/old-security stuff which have been removed.
> I guess this means adding new interfaces which grant those extra rights?
First of all, not saying this is the way it will be, just a way I
imagine it could be.
You add your interface support to the os through snapd; it may or may
not be marked restricted depending on what that functionality is. In
your branded store you may be able to white list certain restricted
interfaces if necessary.
I am just brainstorming here, take my comment with a grain of salt ;-)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/snappy-devel/attachments/20160504/310670b4/attachment.pgp>
More information about the snappy-devel
mailing list