'Unconfined' apps

Fabio Colella fcole90 at gmail.com
Fri Sep 9 17:06:05 UTC 2016


Hi,
I agree with Alan.
Some other snaps that could need something like this could be app launchers
(e.g. Whisker Menu) and desktop environments.

Cheers

On 9 September 2016 at 12:58, Alan Pope <alan.pope at canonical.com> wrote:

> Hi,
>
> This is an architectural snappy question where I have one use case,
> but have seen others mention similar issues which may be related.
> Perhaps they could speak up also with their requirements.
>
> With regards to
> https://code.launchpad.net/~popey/ubuntu-terminal-app/add-snapcraft-config/+merge/305206
>
> http://people.canonical.com/~alan/ubuntu-terminal-app_0.7.207_amd64.snap
>
> I made the above merge and snap to test out the phone terminal app on
> the desktop as a snap, for possible inclusion in the store. The goal
> being that people can install it on a Unity8 snap-only system.
>
> But, it's a bit useless in its current form, due in part to our
> confinement and store policies. In the click store (on the phone) the
> app is unconfined, so can access files/programs outside of the click.
>
> If I set confinement to be 'strict' then I can put it in the stable
> store, but you can't actually run any non-built-in things (like ssh,
> top), making it unusable for most people.
>
> If I make it use the 'devmode' confinement policy then it (as I
> understand it) *cannot* go into the stable store (by policy), but can
> execute external commands in the core. However, it can't be used to
> launch other executables in other snaps, making it somewhat useless on
> a snap-only system with other tools installed.
>
> I don't believe this to be unique to this terminal, nor
> desktop/graphical apps, other snap-packaged terminals (and file
> managers & other system level things) may have the same issue.
>
> How do we resolve this? Do we request a security exception & code audit?
> Is there some other planned interface for these kinds of 'expert' apps
> which need to reach outside of their confinement?
>
> Cheers,
> --
> Alan Pope
> Community Manager
>
> Canonical - Ubuntu Engineering and Services
> +44 (0) 7973 620 164
> alan.pope at canonical.com
> http://ubuntu.com/