Building native apps
Jamie Strandboge
jamie at canonical.com
Tue Feb 17 21:25:04 UTC 2015
On 02/17/2015 03:16 PM, Sergio Schvezov wrote:
> On martes 17 de febrero de 2015 18h'23:32 BRST, Gábor Paller wrote:
>> Thanks, that was it, the version number had to be increased.
>> Now the next thing would be to run as non-root but as far as I understand it
>> is a work in progress.
>
> There is no need though; root doesn't mean "danger" as it used to ;-)
>
Well now hold on :)
That is certainly the goal, and apparmor is root strong and gives us a lot, but
we need to get the seccomp filter in place to reduce the kernel attack surface
(which is pretty large for root). This should happen as a result of the launcher
work.
Beyond that, allowing running things as non-root is useful for privilege
separation and defensive coding so I'd really like us to support that at some point.
--
Jamie Strandboge http://www.ubuntu.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/snappy-app-devel/attachments/20150217/2c7d9b0f/attachment-0001.pgp>
More information about the snappy-app-devel
mailing list