Stuart, Thanks for update, I will test soon, just setting a build on out build server.
What about these settings, are they supported in some form? KillSignal=SIGQUIT StandardError=syslog NotifyAccess=all Also does snapd currently validates that snap does not have something like this: command: /usr/bin/foo I guess my concern is coming from the need to convert systemd to another format as it will probably grow into some kind of subset of systemd config. I though snapd would parse native systemd file format and do same validation instead. Thanks. On Tue, Nov 29, 2016 at 11:36 AM, Stuart Bishop <[email protected] > wrote: > > > On 22 November 2016 at 16:41, Boris Rybalkin <[email protected]> wrote: > >> Done: https://bugs.launchpad.net/snappy/+bug/1643816 >> >> I am not sure why snapd tries to have another layer of daemon >> configuration on top of systemd and not plain systemd template with snap >> variables. >> > If a snap has too much control over the systemd service file that gets > created, it could use this to escape containment and gain root on the box. > snapd needs to ensure that the only programs that get launched are > contained in the snap, and block other issues like killing arbitrary > processes by pointing to someone elses pid file or overwriting arbitrary > files by logging somewhere it shouldn't. > > > > -- > Stuart Bishop <[email protected]> > > -- > Snapcraft mailing list > [email protected] > Modify settings or unsubscribe at: https://lists.ubuntu.com/ > mailman/listinfo/snapcraft > > -- Boris Rybalkin [email protected]
-- Snapcraft mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
