Only Docker snap is allowed to use "docker" and "docker-control" interfaces?
Gustavo Niemeyer
gustavo.niemeyer at canonical.com
Wed Dec 14 02:41:08 UTC 2016
One detail: note that once your snap goes into the store and passes
reviews, that issue goes away. Actual users of your snap in the wild don't
have to say --dangerous.
On Wed, Dec 14, 2016 at 12:40 AM, Gustavo Niemeyer <
gustavo.niemeyer at canonical.com> wrote:
> Hey Peng,
>
> We've overlooked a detail in the new interface system which makes it super
> inconvenient for you to develop with that interface. We're fixing that in
> the release due to go into proposal this week.
>
> Here is the short background, if you're interested: snapd blocks the
> connection because it knows the permissions granted by that specific
> interface into your system are way too wide. So it's protecting your system
> from an unknown snap that wants to do too much. That's a great thing!
> What's bad is that this is your own snap, of course. :-)
>
> So, the release this week will allow you to say --dangerous when
> installing it (thanks to John), and snapd will ignore that issue at your
> discretion. In the future, we'll make the mechanism even nicer by allowing
> you to sign the snap, and snapd will be able to correlate the fact this is
> your system with your signature and let it go through.
>
>
> On Wed, Dec 14, 2016 at 12:05 AM, Peng Liu <pengliu.mail at gmail.com> wrote:
>
>> Already, in the source code (snapd/interfaces/builtin/docker_support.go),
>> I found the docker-control interface is "reserved". Does that mean
>> third-party snap can not use it?
>>
>> On Tue, Dec 13, 2016 at 8:01 PM, Peng Liu <pengliu.mail at gmail.com> wrote:
>>
>>> Hi Folks,
>>>
>>> I am trying to build a snap which needs the permission to access docker
>>> related system files. I can build the snap successfully with snapcraft, but
>>> when I tried to installed it, the snap command report error "installation
>>> not allowed by "support" plug rule of interface "docker-support"
>>>
>>> Does snap command disable the support for "docker" and "docker-support"
>>> interfaces for all snaps except docker snap?
>>>
>>> Thanks.
>>>
>>> Peng
>>>
>>
>>
>> --
>> Snapcraft mailing list
>> Snapcraft at lists.snapcraft.io
>> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailm
>> an/listinfo/snapcraft
>>
>>
>
>
> --
> gustavo @ http://niemeyer.net
>
--
gustavo @ http://niemeyer.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/snapcraft/attachments/20161214/4645a265/attachment-0001.html>
More information about the Snapcraft
mailing list