apparmor profile for snap package
Marco Tangl
Marco.Tangl at dewetron.com
Thu Mar 31 14:49:21 UTC 2016
Hi all,
unfortunately I am not able to change the apparmor profile for my generated snap packages, targeting snappy Core 16.04 (amd64-all-snap.img from 04-Feb-2016)
I generated 2 snaps with different snapraft.yaml files, and compared the resulting appamor_package_profile located in
/var/lib/snappy/apparmor/profiles/packagename.sideload_XXXX.
Result:
The file stays the same, no matter what I adjusted in my .yaml files .....
##############
1st yaml (default permissions):
...
apps:
my_server:
command: bin/my_server.sh
daemon: simple
parts:
...
############
2nd yaml (enhanced permissions):
...
apps:
my_server:
command: bin/my_server.sh
daemon: simple
plugs: [srv]
plugs:
srv:
caps:
- network-listener
- network-service
- network-management
security-override:
properties:
read-paths:
- /run/udev/data/*
- /etc/network/interfaces.d/**
write-paths:
- /dev/ttyS0
parts:
...
With the "write-paths" I want to allow my server application to access the serial port, not sure if this is ok that way??
I just don't want to execute the "snappy hw-assign" command on my destination system.
Hope someone can help me further!?
Many thanks in advance,
Marco
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/snappy-devel/attachments/20160331/c9dba862/attachment.html>
More information about the snappy-devel
mailing list