Making a snap of an icon theme

Fabio Colella fcole90 at gmail.com
Mon May 16 20:24:01 UTC 2016 

Thanks, I will file the bug.
But do you know why the old security fields I set are not allowing me that
access? In my snapcraft file I added some additional access requests,
according to the security guide about snappy in the developers website. Is
anything wrong in my file or is that guide obsolete?

Cheers,
Fabio Colella

On Mon, 16 May 2016, 22:16 Jamie Strandboge, <jamie at canonical.com> wrote:

> On Mon, 2016-05-16 at 20:23 +0200, Fabio Colella wrote:
> > Hello,
> > I'm working on packaging an icon theme, the ubuntukylin-icon-theme.
> > I succeeded creating the package, but I have some problems with
> > confinement, as
> > I'm copying the theme to the .icons folder and then I would like to be
> able
> > to
> > set it with gsettings, but this does't work as I probably can't see the
> > system gsettings.
> > What can I do to improve the situation?
> >
> > Error from dmesg:
> >
> > [83350.103274] audit: type=1400 audit(1463422827.503:34798):
> > apparmor="DENIED" operation="open"
> profile="/usr/bin/ubuntu-core-launcher"
> > name="/home/.ecryptfs/fabio/.Private/" pid=1595 comm="ubuntu-core-lau"
> > requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=1000
> > [83350.103355] audit: type=1400 audit(1463422827.503:34799):
> > apparmor="DENIED" operation="open"
> profile="/usr/bin/ubuntu-core-launcher"
> >
> name="/home/.ecryptfs/fabio/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWYcPLgdtb4bgkRq.
> > 5qpI91Jz.BUZ-Fw09Q.7fH7k09PzHt0mw7Qc.yQ6---/"
> > pid=1595 comm="ubuntu-core-lau" requested_mask="wr" denied_mask="wr"
> > fsuid=1000 ouid=1000
> > [83350.103443] audit: type=1400 audit(1463422827.503:34800):
> > apparmor="DENIED" operation="open"
> profile="/usr/bin/ubuntu-core-launcher"
> >
> name="/home/.ecryptfs/fabio/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWYcPLgdtb4bgkRq.
> > 5qpI91Jz.BUZ-Fw09Q.7fH7k09PzHt0mw7Qc.yQ6---
> > /ECRYPTFS_FNEK_ENCRYPTED.FXYcPLgdtb4bgkRq.5qpI91Jz.BUZ-
> > Fw09Q.tHhd43KPdShEHBi1YYkKNM6qmM3BXXz8Ego0T5fm8A2-/"
> > pid=1595 comm="ubuntu-core-lau" requested_mask="wr" denied_mask="wr"
> > fsuid=1000 ouid=1000
> > [83350.103534] audit: type=1400 audit(1463422827.503:34801):
> > apparmor="DENIED" operation="open"
> profile="/usr/bin/ubuntu-core-launcher"
> >
> name="/home/.ecryptfs/fabio/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWYcPLgdtb4bgkRq.
> > 5qpI91Jz.BUZ-Fw09Q.7fH7k09PzHt0mw7Qc.yQ6---
> > /ECRYPTFS_FNEK_ENCRYPTED.FXYcPLgdtb4bgkRq.5qpI91Jz.BUZ-
> > Fw09Q.tHhd43KPdShEHBi1YYkKNM6qmM3BXXz8Ego0T5fm8A2-
> > /ECRYPTFS_FNEK_ENCRYPTED.FWYcPLgdtb4bgkRq.5qpI91Jz.BUZ-
> > Fw09Q.J9Msqsfiu.XjDDtK10Di1k--/"
> > pid=1595 comm="ubuntu-core-lau" requested_mask="wr" denied_mask="wr"
> > fsuid=1000 ouid=1000
>
> FYI, the above is unrelated and a bug (LP: #1574556) in the
> ubuntu-core-launcher
> profile that will be fixed in the OS snap soon.
>
> > [83350.464007] audit: type=1400 audit(1463422827.863:34802):
> > apparmor="DENIED" operation="mkdir"
> > profile="snap.ubuntukylin-icon-theme.enable"
> > name="/home/fabio/.icons/ubuntukylin-icon-theme-snap/" pid=1595 comm="cp"
> > requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
> >
>
> Correct, snaps don't have write access to this shared directory and they
> don't
> yet have access to global gsettings. There is already a gsettings bug, can
> you
> file a bug here:https://bugs.launchpad.net/snappy/+filebug and add the
> 'snapd-
> interface' tag? I'm not sure yet how this would be fixed since allowing
> this
> access might break snap isolation, but please put as many details as to
> how the
> theming should work in the bug and the snappy team can discuss it.
>
> Thanks!
>
> --
> Jamie Strandboge             | http://www.canonical.com
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/snappy-app-devel/attachments/20160516/e27510de/attachment-0001.html>

More information about the snappy-app-devel mailing list