Only Docker snap is allowed to use "docker" and "docker-control" interfaces?
YC Cheng
yc.cheng at canonical.com
Wed Dec 14 06:03:07 UTC 2016
Hi Gustavo,
Good to hear. Let me also publish this article: [Snappy Interfaces revisit]
https://docs.google.com/document/d/1stvuyn6evk9df7s58ZSAq7g5QOV5gxmWCVqiyEuwDDs/edit?usp=sharing
Feel like the work flow in page 3 need to update after you release the new
snapd. YC
2016-12-14 10:40 GMT+08:00 Gustavo Niemeyer <gustavo.niemeyer at canonical.com>
:
> Hey Peng,
>
> We've overlooked a detail in the new interface system which makes it super
> inconvenient for you to develop with that interface. We're fixing that in
> the release due to go into proposal this week.
>
> Here is the short background, if you're interested: snapd blocks the
> connection because it knows the permissions granted by that specific
> interface into your system are way too wide. So it's protecting your system
> from an unknown snap that wants to do too much. That's a great thing!
> What's bad is that this is your own snap, of course. :-)
>
> So, the release this week will allow you to say --dangerous when
> installing it (thanks to John), and snapd will ignore that issue at your
> discretion. In the future, we'll make the mechanism even nicer by allowing
> you to sign the snap, and snapd will be able to correlate the fact this is
> your system with your signature and let it go through.
>
>
> On Wed, Dec 14, 2016 at 12:05 AM, Peng Liu <pengliu.mail at gmail.com> wrote:
>
>> Already, in the source code (snapd/interfaces/builtin/docker_support.go),
>> I found the docker-control interface is "reserved". Does that mean
>> third-party snap can not use it?
>>
>> On Tue, Dec 13, 2016 at 8:01 PM, Peng Liu <pengliu.mail at gmail.com> wrote:
>>
>>> Hi Folks,
>>>
>>> I am trying to build a snap which needs the permission to access docker
>>> related system files. I can build the snap successfully with snapcraft, but
>>> when I tried to installed it, the snap command report error "installation
>>> not allowed by "support" plug rule of interface "docker-support"
>>>
>>> Does snap command disable the support for "docker" and "docker-support"
>>> interfaces for all snaps except docker snap?
>>>
>>> Thanks.
>>>
>>> Peng
>>>
>>
>>
>> --
>> Snapcraft mailing list
>> Snapcraft at lists.snapcraft.io
>> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailm
>> an/listinfo/snapcraft
>>
>>
>
>
> --
> gustavo @ http://niemeyer.net
>
> --
> Snapcraft mailing list
> Snapcraft at lists.snapcraft.io
> Modify settings or unsubscribe at: https://lists.ubuntu.com/
> mailman/listinfo/snapcraft
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/snapcraft/attachments/20161214/d99777a7/attachment-0001.html>
More information about the Snapcraft
mailing list