Building native apps
Gábor Paller
gaborpaller at gmail.com
Wed Feb 18 14:00:36 UTC 2015
"There is no need though; root doesn't mean "danger" as it used to ;-)"
Well, if you assume that "root" always executes apparmored applications
then you are right.
But currently the Way Of Working (TM) is that the operator obtains a root
shell and executes all sorts of apps. Any mistake is fatal.
You can consider the example of Android. There the zygote process spawns
application processes which are subject to Android's permission system so
they are boxed by the permissions they are assigned to - similarly to
apparmor. Still, the zygote process does not run with root privileges. If
it does (in case of rooted phones) then you open up the device to endless
list of attacks.
Regards,
Gabor
On Tue, Feb 17, 2015 at 10:16 PM, Sergio Schvezov <
sergio.schvezov at canonical.com> wrote:
> On martes 17 de febrero de 2015 18h'23:32 BRST, Gábor Paller wrote:
>
>> Thanks, that was it, the version number had to be increased.
>> Now the next thing would be to run as non-root but as far as I understand
>> it is a work in progress.
>>
>
> There is no need though; root doesn't mean "danger" as it used to ;-)
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/snappy-app-devel/attachments/20150218/afb7b7f1/attachment.html>
More information about the snappy-app-devel
mailing list