On 07/11/2013 12:38 PM, Jamie Strandboge wrote:
> On 07/11/2013 10:31 AM, Colin Watson wrote:
>> On Thu, Jul 11, 2013 at 09:40:30AM -0500, Ted Gould wrote:
...
>>
>>> When the security hook runs it will create an AppArmor profile of the
>>> name $(click package)_$(application)_$(version) that the application
>>> should be confined with.
>>
>
> That is correct-- it looks at the name and version from the toplevel manifest
> and each key from the manifest['security']['profiles'] dictionary to create
> the profile names for different desktop files. We may only ship support for
> one desktop file initially, but the apparmor click hook won't be limited by
> that going forward.
>
>>
>>> The same pattern as above should be considered the "Application ID" for
>>> all usage throughout the system. Including identifying the application
>>> to Mir/HUD/etc.
>>
> This keeps us in sync and I agree it is the correct approach. It handles
> namespacing well and keeps everything in sync between the different components
> (apparmor profile name, apparmor profile filename, APP_ID, etc).
>
> There is an interesting new requirement (to me anyway) that core applications
> will be packaged as click and some will not be confined (eg, the terminal
> app). While the hugely vast majority of apps will be confined (any unconfined
> apps will require manual review and not be automatically accepted), the
> manifest file needs to support this.
...
>
> I think a better idea is to do this for unconfined apps:
> {
>   "name": "com.ubuntu.developer.username.myapp",
>   "version": "0.1",
>   "maintainer": "Your Name <[email protected]>",
>   "title": "My Cool App",
>   "framework": "ubuntu-sdk-13.10",
>   "security": {
>     "profiles": {
>       "myapp.desktop": {
>         "template": "unconfined"
>       },
>       "myapp-camera.desktop": {
>         "template": "unconfined"
>       }
>     }
>   }
> }
>
> In other words, my team provides an unconfined template and everything else
> stays exactly the same (ie, no special casing-- we generate a (permissive)
> apparmor profile of the form of $(click package)_$(application)_$(version) and
> the upstart job can 'apparmor switch' into it just as with confined apps).
>
> I like this because it is consistent with our current implementation.

Discussed this with my team and decided this is the best approach. Implemented
in apparmor-easyprof-ubuntu 1.0.4, just uploaded to saucy. I'll update the wiki
now.

In other words, no special casing for click, hooks, Unity, upstart-app-launch,
etc.

--
Jamie Strandboge http://www.ubuntu.com/
--
Mailing list: https://launchpad.net/~ubuntu-appstore-developers
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~ubuntu-appstore-developers
More help   : https://help.launchpad.net/ListHelp
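
Added example, not part of the original thread and not code from click or apparmor-easyprof-ubuntu: a sketch of deriving the $(click package)_$(application)_$(version) names from a manifest and flagging "unconfined" profiles for manual review. The function names, the character whitelist, the verbatim use of each profiles key as $(application), and the sample manifest are assumptions made for illustration.

```python
import json
import re

# Constructed sample manifest, modelled on the one quoted in the thread.
MANIFEST = """
{
  "name": "com.ubuntu.developer.username.myapp",
  "version": "0.1",
  "security": {
    "profiles": {
      "myapp.desktop": {"template": "unconfined"},
      "myapp-camera.desktop": {}
    }
  }
}
"""

# Assumption: each component may only use characters that are safe in a
# profile filename and that cannot be confused with the "_" separator.
SAFE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.+-]*\Z")


def profile_names(manifest):
    """Return {profile_name: needs_manual_review} for one click manifest."""
    pkg, version = manifest["name"], manifest["version"]
    result = {}
    profiles = manifest.get("security", {}).get("profiles", {})
    for app, policy in profiles.items():
        for part in (pkg, app, version):
            if not SAFE.match(part):
                raise ValueError(f"unsafe component in profile name: {part!r}")
        # Assumption: the profiles key is used verbatim as $(application).
        name = f"{pkg}_{app}_{version}"
        # Per the thread, unconfined apps are not automatically accepted.
        result[name] = policy.get("template") == "unconfined"
    return result


def review_manifest(text):
    """Parse manifest JSON text and return the review map."""
    return profile_names(json.loads(text))


if __name__ == "__main__":
    for name, manual in review_manifest(MANIFEST).items():
        print(name, "MANUAL REVIEW" if manual else "auto")
```

Rejecting "_" inside a component keeps the three-part name unambiguous when other components split the ID back apart.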

