openstore-team team mailing list archive
-
openstore-team team
-
Mailing list archive
-
Message #00023
Re: Submission to OpenStore: Seabass code editor
Right, write path is what you want then. Not sure if it requires to have
both, read and write paths, but we'll see.
On 06.08.2016 19:13, Mikhail Milikhin wrote:
> Thank you, Michael.
>
> I'd like to give users ability to read and edit any file in Home directory.
> That's why I think read_path is not the best solution as it will allow
> only reading files but not writing.
>
> I read the docs again and understand that I just missed that there is
> also "write_path" field available.
> So I think adding the following line to the manifest will be a good way
> to give read/write access to Home directory:
>
> "write_path": ["@{HOME}/"]
>
>
> Is that correct?
> If so, I updated build instructions (replaced /unconfined/ template with
> /write_path/ in apparmor patch) at
> https://github.com/milikhin/seabass/blob/master/building.md#31-patch-for-an-unconfined-version.
>
> Best regards,
> Mikhail.
>
> 2016-08-06 16:44 GMT+07:00 Michael Zanetti
> <michael.zanetti@xxxxxxxxxxxxx <mailto:michael.zanetti@xxxxxxxxxxxxx>>:
>
> Hi Mikhail,
>
> thanks for your submission. I will try to review it today. One thing
> that immediately jumps to mind is the question why you'd need to use the
> unconfined template. If you only require reading files in the home
> directory, it would be better if you'd use read_paths instead. Here's an
> example:
>
> https://open.uappexplorer.com/app/falcon.bhdouglass
> <https://open.uappexplorer.com/app/falcon.bhdouglass>
>
> Click on the "Manifest" button, it will also contain the apparmor
> profile for this app and show you how you can access those files without
> dropping apparmor completely. What do you think?
>
> Best regards,
> Michael
>
> On 06.08.2016 08:13, Mikhail Milikhin wrote:
> > Hello OpenStore team,
> >
> > I'd like to submit new application - Seabass code editor - to OpenStore.
> > The app is already available in Ubuntu Store
> > (https://uappexplorer.com/app/seabass.mikhael
> <https://uappexplorer.com/app/seabass.mikhael>) but it's restricted to
> > read/edit files only in it's own directory at
> > /.local/share/seabass.mikhael/. I'd like to upload the same app
> but with
> > unconfined AppArmor template. It'll give app unrestricted access to
> > user's Home directory. Hence users will be able to read/edit any files
> > in Home directory.
> >
> > Application sources are available on GitHub:
> > https://github.com/milikhin/seabass/releases/latest
> <https://github.com/milikhin/seabass/releases/latest>.
> > Ubuntu SDK is not required to build .click package, instead of it latest
> > Cordova for Ubuntu is used.
> > Complete build instructions are available on GitHub:
> > https://github.com/milikhin/seabass/blob/master/building.md
> <https://github.com/milikhin/seabass/blob/master/building.md>.
> >
> > Since within Cordova framework AppArmor profile is generated
> > automatically during the build process, I don't have permanent
> > /.apparmor/ and /.apparmor.openstore/ files. The app uses standard
> > Cordova AppArmor profile but with additional hak
> >
> (https://github.com/milikhin/seabass/blob/master/building.md#31-patch-for-an-unconfined-version
> <https://github.com/milikhin/seabass/blob/master/building.md#31-patch-for-an-unconfined-version>)
> > to set template to Unconfined.
> >
> > Please, send me a message if you have any questions about app or build
> > process.
> >
> > Best regards,
> > Mikhael Milikhin
> >
> >
>
>
Attachment:
signature.asc
Description: OpenPGP digital signature
Follow ups
References