On 07/11/2013 12:38 PM, Jamie Strandboge wrote: > On 07/11/2013 10:31 AM, Colin Watson wrote: >> On Thu, Jul 11, 2013 at 09:40:30AM -0500, Ted Gould wrote: >>> A click package will have a version number defined, and will be >>> installed in a separate directory based on the version number. This >>> directory will be /opt/click.ubuntu.com/$(package)/$(version)/ >> >> You must not rely on this directory. It may change, particularly to >> support things like non-removable preinstalled apps in the system >> partition, or other cases of OEM apps. >> > > Not having a predictable location breaks application confinement. We > necessarily > need to know where apps are going to be installed. This can be solved by > having > different templates for the different install locations. It can also be solved > by saying these apps don't use application confinement. >
Actually, we have some flexibility here because of aa-clicktool. The manifest
could specify "click_dir" (could be named anything) like so:
{
"name": "com.ubuntu.developer.username.myapp",
"version": "0.1",
"maintainer": "Your Name <[email protected]>",
"title": "My Cool App",
"framework": "ubuntu-sdk-13.10",
"click_dir": "/some/other/place",
"security": {
"profiles": {
"myapp.desktop": {
"policy_groups": [
"networking"
],
"policy_version": 1.0
}
}
}
}
If aa-clicktool sees that "click_dir" is in the click manifest, it will set via
a template var for the following apparmor variable:
@{CLICK_DIR}="/some/other/place"
or if not present, default to:
@{CLICK_DIR}="/opt/click.ubuntu.com"
We then have in our apparmor profile rules like:
# Click packages
@{CLICK_DIR}/@{APPNAME}/@{APPVERSION}/ r,
@{CLICK_DIR}/@{APPNAME}/@{APPVERSION}/** r,
@{CLICK_DIR}/@{APPNAME}/@{APPVERSION}/**/ r,
--
Jamie Strandboge http://www.ubuntu.com/
signature.asc
Description: OpenPGP digital signature
-- Mailing list: https://launchpad.net/~ubuntu-appstore-developers Post to : [email protected] Unsubscribe : https://launchpad.net/~ubuntu-appstore-developers More help : https://help.launchpad.net/ListHelp
