Making a snap of an icon theme

Jamie Strandboge jamie at canonical.com
Mon May 16 21:38:35 UTC 2016 

On Mon, 2016-05-16 at 20:24 +0000, Fabio Colella wrote:
> Thanks, I will file the bug.
> But do you know why the old security fields I set are not allowing me that
> access? In my snapcraft file I added some additional access requests,
> according to the security guide about snappy in the developers website. Is
> anything wrong in my file or is that guide obsolete?
> 
old-security is gone in favor of installing the snap with --devmode. The
documentation is lagging behind on the website but AIUI people are working to
address that now.

> Cheers,
> Fabio Colella
> 
> On Mon, 16 May 2016, 22:16 Jamie Strandboge, <jamie at canonical.com> wrote:
> 
> > 
> > On Mon, 2016-05-16 at 20:23 +0200, Fabio Colella wrote:
> > > 
> > > Hello,
> > > I'm working on packaging an icon theme, the ubuntukylin-icon-theme.
> > > I succeeded creating the package, but I have some problems with
> > > confinement, as
> > > I'm copying the theme to the .icons folder and then I would like to be
> > able
> > > 
> > > to
> > > set it with gsettings, but this does't work as I probably can't see the
> > > system gsettings.
> > > What can I do to improve the situation?
> > > 
> > > Error from dmesg:
> > > 
> > > [83350.103274] audit: type=1400 audit(1463422827.503:34798):
> > > apparmor="DENIED" operation="open"
> > profile="/usr/bin/ubuntu-core-launcher"
> > > 
> > > name="/home/.ecryptfs/fabio/.Private/" pid=1595 comm="ubuntu-core-lau"
> > > requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=1000
> > > [83350.103355] audit: type=1400 audit(1463422827.503:34799):
> > > apparmor="DENIED" operation="open"
> > profile="/usr/bin/ubuntu-core-launcher"
> > > 
> > > 
> > name="/home/.ecryptfs/fabio/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWYcPLgdtb4bgkR
> > q.
> > > 
> > > 5qpI91Jz.BUZ-Fw09Q.7fH7k09PzHt0mw7Qc.yQ6---/"
> > > pid=1595 comm="ubuntu-core-lau" requested_mask="wr" denied_mask="wr"
> > > fsuid=1000 ouid=1000
> > > [83350.103443] audit: type=1400 audit(1463422827.503:34800):
> > > apparmor="DENIED" operation="open"
> > profile="/usr/bin/ubuntu-core-launcher"
> > > 
> > > 
> > name="/home/.ecryptfs/fabio/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWYcPLgdtb4bgkR
> > q.
> > > 
> > > 5qpI91Jz.BUZ-Fw09Q.7fH7k09PzHt0mw7Qc.yQ6---
> > > /ECRYPTFS_FNEK_ENCRYPTED.FXYcPLgdtb4bgkRq.5qpI91Jz.BUZ-
> > > Fw09Q.tHhd43KPdShEHBi1YYkKNM6qmM3BXXz8Ego0T5fm8A2-/"
> > > pid=1595 comm="ubuntu-core-lau" requested_mask="wr" denied_mask="wr"
> > > fsuid=1000 ouid=1000
> > > [83350.103534] audit: type=1400 audit(1463422827.503:34801):
> > > apparmor="DENIED" operation="open"
> > profile="/usr/bin/ubuntu-core-launcher"
> > > 
> > > 
> > name="/home/.ecryptfs/fabio/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWYcPLgdtb4bgkR
> > q.
> > > 
> > > 5qpI91Jz.BUZ-Fw09Q.7fH7k09PzHt0mw7Qc.yQ6---
> > > /ECRYPTFS_FNEK_ENCRYPTED.FXYcPLgdtb4bgkRq.5qpI91Jz.BUZ-
> > > Fw09Q.tHhd43KPdShEHBi1YYkKNM6qmM3BXXz8Ego0T5fm8A2-
> > > /ECRYPTFS_FNEK_ENCRYPTED.FWYcPLgdtb4bgkRq.5qpI91Jz.BUZ-
> > > Fw09Q.J9Msqsfiu.XjDDtK10Di1k--/"
> > > pid=1595 comm="ubuntu-core-lau" requested_mask="wr" denied_mask="wr"
> > > fsuid=1000 ouid=1000
> > FYI, the above is unrelated and a bug (LP: #1574556) in the
> > ubuntu-core-launcher
> > profile that will be fixed in the OS snap soon.
> > 
> > > 
> > > [83350.464007] audit: type=1400 audit(1463422827.863:34802):
> > > apparmor="DENIED" operation="mkdir"
> > > profile="snap.ubuntukylin-icon-theme.enable"
> > > name="/home/fabio/.icons/ubuntukylin-icon-theme-snap/" pid=1595 comm="cp"
> > > requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
> > > 
> > Correct, snaps don't have write access to this shared directory and they
> > don't
> > yet have access to global gsettings. There is already a gsettings bug, can
> > you
> > file a bug here:https://bugs.launchpad.net/snappy/+filebug and add the
> > 'snapd-
> > interface' tag? I'm not sure yet how this would be fixed since allowing
> > this
> > access might break snap isolation, but please put as many details as to
> > how the
> > theming should work in the bug and the snappy team can discuss it.
> > 
> > Thanks!
> > 
> > --
> > Jamie Strandboge             | http://www.canonical.com
> > 
> > 
> -- 
> snappy-app-devel mailing list
> snappy-app-devel at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/s
> nappy-app-devel
-- 
Jamie Strandboge             | http://www.canonical.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/snappy-app-devel/attachments/20160516/811f401b/attachment.pgp>

More information about the snappy-app-devel mailing list