On 22 November 2016 at 16:41, Boris Rybalkin <[email protected]> wrote:
> Done: https://bugs.launchpad.net/snappy/+bug/1643816 > > I am not sure why snapd tries to have another layer of daemon > configuration on top of systemd and not plain systemd template with snap > variables. > If a snap has too much control over the systemd service file that gets created, it could use this to escape containment and gain root on the box. snapd needs to ensure that the only programs that get launched are contained in the snap, and block other issues like killing arbitrary processes by pointing to someone elses pid file or overwriting arbitrary files by logging somewhere it shouldn't. -- Stuart Bishop <[email protected]>
-- Snapcraft mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
