Hi Jamie! Thanks for the response. i'll come back to you later when I can check and test some of the suggestions you have made :)
Best, Eloy 2017-04-17 16:13 GMT+02:00 Jamie Strandboge <[email protected]>: > On Sun, 2017-04-16 at 21:06 -0400, Michael Hall wrote: > > Running a script inside of your snap with either /bin/sh or /bin/bash > > should be no problem at all. However looking at your script I see that > > you're making dbus calls out to the Plasma Shell, and that *will* be > > blocked by the strict confinement. > > > > You will probably need to get a snapd interface created to support this > > dbus interface, or maybe you can use the generic 'dbus' interface and > > specify this service, which would have to be manuall connected. I'm > > hoping someone from the snapd or security teams can chime in and be more > > specific about what your options are here. > > > It looks like your script is using qdbus to tell the PlasmaShell to run a > script > for changing the wallpaper to something your snap specifies. Assuming your > snap > ships qdbus, then the 'only' thing that would be required would be to add a > snappy interface to allow access to this dbus call. > > A few things things: > > 1. today we have the 'unity7' interface for use on classic distributions. > We'll > be introducing gnome and plasma interfaces for running snaps under > those DEs > 2. it looks like your qdbus command is sending a script over for > PlasmaShell to > execute. Since plasma shell runs the script in the context of plasma > (ie, > unconfined), this would allow breaking out of application confinement. > If > this snappy interface was added, it would be considered a privileged > interface > 3. is there another wallpaper API or standard KDE command line utility > that can > be used instead of plasmashell that doesn't allow breaking out of > confinement? If so, I recommend using that instead-- then perhaps we > can add > a 'desktop-wallpaper' interface. > > For now, feel free to use 'confinement: devmode' in your snap and please > file a > bug (with the 'snapd-interface' tag) here to request your interface > addition: > > https://bugs.launchpad.net/snapd/+filebug > > > > Michael Hall > > [email protected] > > > > On 04/16/2017 05:13 PM, Eloy García (PC Actual) wrote: > > > Hello everybody. > > > > > > I develop a graphical java-based application which is published in the > > > Ubuntu Store as a snap package (sctrict confinment) called > > > wallpaperdownloader to download, manage and set desktop wallpapers. > > > > > > I'm developing version 2.7 which will bring KDE support, but for this I > > > need to execute a shell script from Java. In classic confinement and > > > natively, this script is executed without problems. I use this code to > do > > > it: > > > > > > process = Runtime.getRuntime().exec("/bin/sh " + > WDUtilities.getAppPath() + > > > WDUtilities.URL_SLASH + WDUtilities.PLASMA_SCRIPT + " " > + wallpaperPath); > > > > > > As you can see, I use /bin/sh command to run the script. This is the > > > content of the script: > > > > > > #!/bin/bash > > > > > > # Changing wallpaper > > > qdbus org.kde.plasmashell /PlasmaShell > > > org.kde.PlasmaShell.evaluateScript > > > "var allDesktops = desktops();print (allDesktops);for > > > (i=0;i<allDesktops.length;i++) {d = > > > allDesktops[i];d.wallpaperPlugin = 'org.kde.image';d.currentConfigGroup > = > > > Array('Wallpaper', 'org.kde.image', 'General');d.writeConfig('Image', > > > 'file://"$1"')}" > > > > > > This command changes the current wallpaper for version 5.8 or higher in > > > Plasma. > > > > > > When this part is executed within the snap package (strict > confinement), > > > nothing happens. I have tried to include bash and dash pacakges as > > > stage-packages but it doesn work. Is this something that can be > achieved > > > using the snap package system? > > > > > > Thank you very much! > > > > > > Best, > > > > > > Eloy > > > > > > > > -- > Jamie Strandboge | http://www.canonical.com > -- > Snapcraft mailing list > [email protected] > Modify settings or unsubscribe at: https://lists.ubuntu.com/ > mailman/listinfo/snapcraft > > -- Eloy García Almadén -- Snapcraft mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
