Navigation Menu

Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Snap[d]! #1497

Closed
wants to merge 1 commit into from
Closed

Snap[d]! #1497

wants to merge 1 commit into from

Conversation

RedL0tus
Copy link
Member

@RedL0tus RedL0tus commented Nov 24, 2018
edited by Garfield550

Packaging:

  • Make it build.
    • Build without custom flags
    • Custom flags (help needed)

Make it work.

  • "classical" snaps
  • "modern" snaps (help needed)

Misc:

  • AppArmor, currently disabled (emmm, discussion-needed)

Yet another Golang package...

@RedL0tus
snapd: new, 2.36.1 [WIP]
ca0c16e 
Signed-off-by: Kay Lin <kaymw@aosc.io>
@RedL0tus RedL0tus added discussion-needed Further discussion needed in-progress Issue currently being worked on labels Nov 24, 2018
@ghost ghost assigned RedL0tus Nov 24, 2018
@ghost ghost added the in progress label Nov 24, 2018
@liushuyu
Copy link
Member

liushuyu commented Nov 25, 2018
edited

AppArmor, currently disabled (emmm, discussion-needed)

This thing AFAIK it's another variant of SELinux like mechanism...
Obviously, it's not going to be enabled by default.

@RedL0tus
Copy link
Member Author

AppArmor, currently disabled (emmm, discussion-needed)

This thing AFAIK it's another variant of SELinux like mechanism...
Obviously, it's not going to be enabled by default.

I know... maybe Just make it optional...
In this case, AppArmor is used to prevent programs inside containers ("snaps") access files outside the containers.
Without it, snapd will run all snaps in "development mode", without that "protection".

@liushuyu
Copy link
Member

In this case, AppArmor is used to prevent programs inside containers ("snaps") access files outside the containers.

AppArmor is a sandbox controller, configuring this thing correctly is a total hassle.

@RedL0tus
Copy link
Member Author

In this case, AppArmor is used to prevent programs inside containers ("snaps") access files outside the containers.

AppArmor is a sandbox controller, configuring this thing correctly is a total hassle.

According to Arch wiki, it seems it does not require much configuration in this specific case, and snapd can generate AppArmor rules for each snap.

@KexyBiscuit KexyBiscuit added this to the Backlog milestone Apr 23, 2019
@MingcongBai
Copy link
Member

Closing - this is not a rejection.

We are switching to a topic-based maintenance system. Please re-create your PR against our stable branch, use our new Pull Request template, and work in accordance to our maintenance guidelines.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@RedL0tus RedL0tus

Labels
discussion-needed Further discussion needed in-progress Issue currently being worked on
Projects
None yet
Milestone
Backlog
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@RedL0tus @liushuyu @MingcongBai @KexyBiscuit