Ubuntu Core: how the file-system works

Mark Shuttleworth mark at ubuntu.com
Fri Jan 20 16:33:34 UTC 2017


On 20/01/17 08:03, Luca Dionisi wrote:
> If I understand it correctly, an unconfined app will be able in the system
> to do whatever my standard user would be able to. For instance, if I
> log into my ubucore16 (the name of my KVM instance) and issue:
>  sudo sysctl net.ipv4.ip_forward=1
>     -or-
>  sudo ip address add 10.0.0.10 dev eth0
> it reports success. Thus, if I run an unconfined app which tries to do the
> same it will succeed. Whilst a strictly confined app would not, if it is
> not hooked to a certain capability.
> So far, so good?

Ubuntu Core is confined-snaps-only. Ubuntu Classic allows less confined
snaps.

The commands you're wanting to run should be fine, though, with the
right interfaces in place for your confined snap on Ubuntu Core. I think
you meant that when you said 'hooked for a certain capability'. The
devmode confinement should also be a useful workaround in your
development process.

Mark



