Executing a script inside snap package. Is this possible?

Eloy García (PC Actual) eloy.garcia.pca at gmail.com
Tue Apr 18 13:14:33 UTC 2017 

Hi Jamie! Thanks for the response. i'll come back to you later when I can
check and test some of the suggestions you have made :)

Best,

Eloy

2017-04-17 16:13 GMT+02:00 Jamie Strandboge <jamie at canonical.com>:

> On Sun, 2017-04-16 at 21:06 -0400, Michael Hall wrote:
> > Running a script inside of your snap with either /bin/sh or /bin/bash
> > should be no problem at all. However looking at your script I see that
> > you're making dbus calls out to the Plasma Shell, and that *will* be
> > blocked by the strict confinement.
> >
> > You will probably need to get a snapd interface created to support this
> > dbus interface, or maybe you can use the generic 'dbus' interface and
> > specify this service, which would have to be manuall connected. I'm
> > hoping someone from the snapd or security teams can chime in and be more
> > specific about what your options are here.
> >
> It looks like your script is using qdbus to tell the PlasmaShell to run a
> script
> for changing the wallpaper to something your snap specifies. Assuming your
> snap
> ships qdbus, then the 'only' thing that would be required would be to add a
> snappy interface to allow access to this dbus call.
>
> A few things things:
>
> 1. today we have the 'unity7' interface for use on classic distributions.
> We'll
>    be introducing gnome and plasma interfaces for running snaps under
> those DEs
> 2. it looks like your qdbus command is sending a script over for
> PlasmaShell to
>    execute. Since plasma shell runs the script in the context of plasma
> (ie,
>    unconfined), this would allow breaking out of application confinement.
> If
>    this snappy interface was added, it would be considered a privileged
>    interface
> 3. is there another wallpaper API or standard KDE command line utility
> that can
>    be used instead of plasmashell that doesn't allow breaking out of
>    confinement? If so, I recommend using that instead-- then perhaps we
> can add
>    a 'desktop-wallpaper' interface.
>
> For now, feel free to use 'confinement: devmode' in your snap and please
> file a
> bug (with the 'snapd-interface' tag) here to request your interface
> addition:
>
> https://bugs.launchpad.net/snapd/+filebug
>
>
> > Michael Hall
> > mhall119 at ubuntu.com
> >
> > On 04/16/2017 05:13 PM, Eloy García (PC Actual) wrote:
> > > Hello everybody.
> > >
> > > I develop a graphical java-based application which is published in the
> > > Ubuntu Store as a snap package (sctrict confinment) called
> > > wallpaperdownloader to download, manage and set desktop wallpapers.
> > >
> > > I'm developing version 2.7 which will bring KDE support, but for this I
> > > need to execute a shell script from Java. In classic confinement and
> > > natively, this script is executed without problems. I use this code to
> do
> > > it:
> > >
> > > process = Runtime.getRuntime().exec("/bin/sh " +
> WDUtilities.getAppPath() +
> > > WDUtilities.URL_SLASH + WDUtilities.PLASMA_SCRIPT + " "
> +  wallpaperPath);
> > >
> > > As you can see, I use /bin/sh command to run the script. This is the
> > > content of the script:
> > >
> > > #!/bin/bash
> > >
> > > # Changing wallpaper
> > > qdbus org.kde.plasmashell /PlasmaShell
> > > org.kde.PlasmaShell.evaluateScript
> > > "var allDesktops = desktops();print (allDesktops);for
> > > (i=0;i<allDesktops.length;i++) {d =
> > > allDesktops[i];d.wallpaperPlugin = 'org.kde.image';d.currentConfigGroup
> =
> > > Array('Wallpaper', 'org.kde.image', 'General');d.writeConfig('Image',
> > > 'file://"$1"')}"
> > >
> > > This command changes the current wallpaper for version 5.8 or higher in
> > > Plasma.
> > >
> > > When this part is executed within the snap package (strict
> confinement),
> > > nothing happens. I have tried to include bash and dash pacakges as
> > > stage-packages but it doesn work. Is this something that can be
> achieved
> > > using the snap package system?
> > >
> > > Thank you very much!
> > >
> > > Best,
> > >
> > > Eloy
> > >
> >
> >
> --
> Jamie Strandboge             | http://www.canonical.com
> --
> Snapcraft mailing list
> Snapcraft at lists.snapcraft.io
> Modify settings or unsubscribe at: https://lists.ubuntu.com/
> mailman/listinfo/snapcraft
>
>


-- 
Eloy García Almadén

More information about the Snapcraft mailing list