Is there any particular missing feature you're blocked on today? Can you please provide a bit more detail about that particular case?
We'd be happy to work through that with you and make sure you're not blocked.

On Wed, Feb 1, 2017 at 6:29 PM, Howard Cochran <[email protected]> wrote:

> On Wed, Feb 1, 2017 at 2:02 PM, Gustavo Niemeyer <[email protected]> wrote:
> >
> > Such embedded devices are still computers on the network. We'll all be much
> > better off if they are running their applications confined and secured.
> >
> > That said, we understand that it takes some time and effort until most
> > software is properly confined, which is why we support snaps with classic
> > and devmode confinement.
> >
> > Even there, though, we're keen to ensure that the general model supports a
> > comfortable migration towards proper confinement, as that's where we'll all
> > want to be in the end, so we shouldn't just go loose and implement features
> > that we know will break confinement unnecessarily.
>
> Those are all very good points, and I agree with them. It appears, to
> me, though, that systemd has many features that can enhance
> confinement and/or tailor it in very targeted ways. It would be nice
> to be able to leverage those features. And many of its directives
> don't break confinement (especially some very common ones like
> Condition* and ExecStartPre/Post, Before, After, PartOf, Wants,
> Conflicts, RuntimeDirectory, and others). Perhaps snapcraft could have
> a whitelist of allowed directives when confinement mode is strict?
>
> Thanks,
> Howard
>
> --
> Snapcraft mailing list
> [email protected]
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
>

--
gustavo @ http://niemeyer.net
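The whitelist idea raised in the quoted message, sketched as an added example that is not part of the original thread and is not snapcraft code: a checker that reads the extra systemd directives a snap author asks for and reports any that are not on the list. The allowlist holds only the directives named in that message; the function names, the glob reading of `Condition*`, and the sample unit are assumptions made for illustration.

```python
import fnmatch

# Directives named in the message above; reading "Condition*" as a glob is an
# assumption of this sketch, as are all function names.
ALLOWED = ["Condition*", "ExecStartPre", "ExecStartPost", "Before", "After",
           "PartOf", "Wants", "Conflicts", "RuntimeDirectory"]

# Constructed sample: extra directives a snap author might request.
SAMPLE = r"""[Unit]
After=network.target
ConditionPathExists=/var/snap/demo/common/ready

[Service]
ExecStartPre=/bin/sh -c 'mkdir -p /run/demo && \
    touch /run/demo/flag'
RuntimeDirectory=demo
CapabilityBoundingSet=CAP_SYS_ADMIN
User=root
"""

def parse_unit(text):
    """Yield (section, directive, line_number) for each setting in a unit file."""
    section, continued = None, False
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line[:1] in ("#", ";"):
            continue                      # comments never end a continuation
        if continued:                     # tail of a backslash-continued value
            continued = line.endswith("\\")
            continue
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, _, _ = line.partition("=")   # a line without "=" is reported as-is
        continued = line.endswith("\\")
        yield section, key.strip(), number

def disallowed(text, allowed=ALLOWED):
    """Return the directives that match no allowlist pattern (case-sensitive)."""
    return [(section, key, number) for section, key, number in parse_unit(text)
            if not any(fnmatch.fnmatchcase(key, pattern) for pattern in allowed)]

if __name__ == "__main__":
    for section, key, number in disallowed(SAMPLE):
        print(f"line {number}: [{section}] {key} is not on the allowlist")
```

Because the check is default-deny, a directive that is misspelled or differently cased is rejected rather than passed through to the generated unit.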
