Reading /etc

Facundo Batista facundo.batista at canonical.com
Fri Mar 3 01:42:43 UTC 2017


On 02/03/17 at 10:56, Jamie Strandboge wrote:

> On Wed, 2017-03-01 at 23:06 -0300, Facundo Batista wrote:
>> Which interface should I add to the snap for it to have read only access to
>> /etc?
> 
> There isn't a rule in the policy for os.listdir("/etc") atm. Allowing that
> wouldn't be the worst thing in the world (it would constitute a small
> information leak), but I suspect you are going to need more access than just
> "/etc" that may or may not be useful. Importantly, if this is because of what
> Marco said and this has to do with OS detection, then the snap may end up being
> misled (is being discussed in https://github.com/snapcore/snapd/pull/2947).

And that access depends on what PIP is trying to do (of which I'm not fully aware).


> I suggest following the wiki[1] and then filing a bug with the accesses you
> want, and we can go from there. If you want me to help you get to the bottom of
> this, just file the bug now or contact me on irc.

I'm currently trying to use "classic" confinement.

But this "need to read /etc" is a wall everybody trying to use PIP from inside a snap will hit (which may not be common
at all, though).

Thanks!

-- 
.   Facundo
.
Canonical - Online Services



