openstore-team team mailing list archive

Thread
Date

Re: Submission to OpenStore: Seabass code editor

To: Mikhail Milikhin <milikhin@xxxxxxxxx>, openstore-team@xxxxxxxxxxxxxxxxxxx
From: Michael Zanetti <michael.zanetti@xxxxxxxxxxxxx>
Date: Sat, 6 Aug 2016 11:44:42 +0200
In-reply-to: <CACZQv1GQJ_QaYURRG2qgEkTyUxh5krxXhDFRtoxv4GvnUdAkEQ@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0

Hi Mikhail,

thanks for your submission. I will try to review it today. One thing
that immediately jumps to mind is the question why you'd need to use the
unconfined template. If you only require reading files in the home
directory, it would be better if you'd use read_paths instead. Here's an
example:

https://open.uappexplorer.com/app/falcon.bhdouglass

Click on the "Manifest" button, it will also contain the apparmor
profile for this app and show you how you can access those files without
dropping apparmor completely. What do you think?

Best regards,
Michael

On 06.08.2016 08:13, Mikhail Milikhin wrote:
> Hello OpenStore team,
> 
> I'd like to submit new application - Seabass code editor - to OpenStore.
> The app is already available in Ubuntu Store
> (https://uappexplorer.com/app/seabass.mikhael) but it's restricted to
> read/edit files only in it's own directory at
> /.local/share/seabass.mikhael/. I'd like to upload the same app but with
> unconfined AppArmor template. It'll give app unrestricted access to
> user's Home directory. Hence users will be able to read/edit any files
> in Home directory.
> 
> Application sources are available on GitHub:
> https://github.com/milikhin/seabass/releases/latest.
> Ubuntu SDK is not required to build .click package, instead of it latest
> Cordova for Ubuntu is used.
> Complete build instructions are available on GitHub:
> https://github.com/milikhin/seabass/blob/master/building.md.
>  
> Since within Cordova framework AppArmor profile is generated
> automatically during the build process, I don't have permanent
> /.apparmor/ and /.apparmor.openstore/ files. The app uses standard
> Cordova AppArmor profile but with additional hak
> (https://github.com/milikhin/seabass/blob/master/building.md#31-patch-for-an-unconfined-version)
> to set template to Unconfined.
>  
> Please, send me a message if you have any questions about app or build
> process.
> 
> Best regards,
> Mikhael Milikhin
> 
>

Attachment: signature.asc
Description: OpenPGP digital signature

References

Submission to OpenStore: Seabass code editor
From: Mikhail Milikhin, 2016-08-06