On 20 January 2017 at 19:59, Mark Shuttleworth wrote:
>
> Any recommendations for dealing with those?
>
Do exec* and friends need to be patched somehow, so that if processes are
spawned from a classic snap with targets outside snapd containment then the
environment is cleaned?
On 20/01/17 15:36, Joseph Rushton Wakeling wrote:
> Does this mean that classic snaps automatically have network access?
> In any case it looks like requesting it explicitly causes a problem in
> generating the appropriate apparmor profile.
Yes, we're untangling the confinement logic at the