AW: apparmor profile for snap package

Fri, 01 Apr 2016 08:28:06 -0700 

Hi Zygmunt,

many thanks for this information!!

BR
Marco

-----Ursprüngliche Nachricht-----
Von: Zygmunt Krynicki [mailto:zygmunt.kryni...@canonical.com] 
Gesendet: Freitag, 01. April 2016 12:47
An: Marco Tangl <marco.ta...@dewetron.com>
Cc: snappy-devel@lists.ubuntu.com
Betreff: Re: apparmor profile for snap package

Hey Marco

I'm sorry for your issues. This area will be wholly replaced by interfaces. We 
will soon switch over from old apparmor/seccomp code to one that is fully 
backed by interfaces. Until then there is little point in inspecting this 
problem as all of the implementation is different.

Please hold on.

Best regards
ZK

On Thu, Mar 31, 2016 at 4:49 PM, Marco Tangl <marco.ta...@dewetron.com> wrote:
> Hi all,
>
>
>
> unfortunately I am not able to change the apparmor profile for my 
> generated snap packages, targeting snappy Core 16.04 
> (amd64-all-snap.img from
> 04-Feb-2016)
>
>
>
> I generated 2 snaps with different  snapraft.yaml files, and compared 
> the resulting  appamor_package_profile located in
>
> /var/lib/snappy/apparmor/profiles/packagename.sideload_XXXX.
>
>
>
> Result:
>
> The file stays the same, no matter what I adjusted in my .yaml files …..
>
>
>
> ##############
>
> 1st yaml (default permissions):
>
> …
>
> apps:
>
>   my_server:
>
>     command: bin/my_server.sh
>
>     daemon: simple
>
>
>
> parts:
>
> …
>
>
>
> ############
>
> 2nd yaml (enhanced permissions):
>
> …
>
> apps:
>
>   my_server:
>
>     command: bin/my_server.sh
>
>     daemon: simple
>
>     plugs: [srv]
>
>
>
> plugs:
>
>   srv:
>
>     caps:
>
>       - network-listener
>
>       - network-service
>
>       - network-management
>
>
>
>     security-override:
>
>       properties:
>
>         read-paths:
>
>           - /run/udev/data/*
>
>           - /etc/network/interfaces.d/**
>
>         write-paths:
>
>           - /dev/ttyS0
>
>
>
> parts:
>
> …
>
>
>
> With the “write-paths” I want to allow my server application to  
> access the serial port, not sure if this is ok that way??
>
> I just don’t want to execute the “snappy hw-assign” command on my 
> destination system.
>
>
>
> Hope someone can help me further!?
>
> Many thanks in advance,
>
>
>
> Marco
>
>
> --
> snappy-devel mailing list
> snappy-devel@lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/snappy-devel
>
-- 
snappy-devel mailing list
snappy-devel@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snappy-devel

Reply via email to