> On 15 Sep 2016, at 01:43, Leo Arias <leo.ar...@canonical.com> wrote: > > On 2016-09-07 19:31, Mark Shuttleworth wrote: >>> 1) Is there some way I can be specifying a list of commands my snapped >>>> app is allowed to call? >> You could. But I think there is a class of things that should be allowed >> to integrate with the classic shell environment, which means they can >> shell out to lots of things. > > What about --devmode? Should devmode allow calls to all binaries in the > $PATH?
As discussed a few times this is technically challenging to do. All of “classic” is visible from /var/lib/snapd/hostfs/ but there is no guarantee that you can run them in any way. They may require the classic dynamic linker, the classic runtime libraries and the classic filesystem layout that are all lost when snap-confine sets up the execution environment. If there’s desire to run executables from the outside we could look for solutions but this is not as simple as “just use devmode” Thanks ZK -- Snapcraft mailing list Snapcraft@lists.snapcraft.io Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
