openstore-team team mailing list archive

[Michael Zanetti <michael.zanetti@xxxxxxxxxxxxx>]

Right, write path is what you want then. Not sure if it requires to have
both, read and write paths, but we'll see.


On 06.08.2016 19:13, Mikhail Milikhin wrote:
> Thank you, Michael.
> 
> I'd like to give users ability to read and edit any file in Home directory.
> That's why I think read_path is not the best solution as it will allow
> only reading files but not writing.
> 
> I read the docs again and understand that I just missed that there is
> also "write_path" field available.
> So I think adding the following line to the manifest will be a good way
> to give read/write access to Home directory:
> 
>     "write_path": ["@{HOME}/"]
> 
>  
> Is that correct?
> If so, I updated build instructions (replaced /unconfined/ template with
> /write_path/ in apparmor patch) at
> https://github.com/milikhin/seabass/blob/master/building.md#31-patch-for-an-unconfined-version.
> 
> Best regards,
> Mikhail.
> 
> 2016-08-06 16:44 GMT+07:00 Michael Zanetti
> <michael.zanetti@xxxxxxxxxxxxx <mailto:michael.zanetti@xxxxxxxxxxxxx>>:
> 
>     Hi Mikhail,
> 
>     thanks for your submission. I will try to review it today. One thing
>     that immediately jumps to mind is the question why you'd need to use the
>     unconfined template. If you only require reading files in the home
>     directory, it would be better if you'd use read_paths instead. Here's an
>     example:
> 
>     https://open.uappexplorer.com/app/falcon.bhdouglass
>     <https://open.uappexplorer.com/app/falcon.bhdouglass>
> 
>     Click on the "Manifest" button, it will also contain the apparmor
>     profile for this app and show you how you can access those files without
>     dropping apparmor completely. What do you think?
> 
>     Best regards,
>     Michael
> 
>     On 06.08.2016 08:13, Mikhail Milikhin wrote:
>     > Hello OpenStore team,
>     >
>     > I'd like to submit new application - Seabass code editor - to OpenStore.
>     > The app is already available in Ubuntu Store
>     > (https://uappexplorer.com/app/seabass.mikhael
>     <https://uappexplorer.com/app/seabass.mikhael>) but it's restricted to
>     > read/edit files only in it's own directory at
>     > /.local/share/seabass.mikhael/. I'd like to upload the same app
>     but with
>     > unconfined AppArmor template. It'll give app unrestricted access to
>     > user's Home directory. Hence users will be able to read/edit any files
>     > in Home directory.
>     >
>     > Application sources are available on GitHub:
>     > https://github.com/milikhin/seabass/releases/latest
>     <https://github.com/milikhin/seabass/releases/latest>.
>     > Ubuntu SDK is not required to build .click package, instead of it latest
>     > Cordova for Ubuntu is used.
>     > Complete build instructions are available on GitHub:
>     > https://github.com/milikhin/seabass/blob/master/building.md
>     <https://github.com/milikhin/seabass/blob/master/building.md>.
>     >
>     > Since within Cordova framework AppArmor profile is generated
>     > automatically during the build process, I don't have permanent
>     > /.apparmor/ and /.apparmor.openstore/ files. The app uses standard
>     > Cordova AppArmor profile but with additional hak
>     >
>     (https://github.com/milikhin/seabass/blob/master/building.md#31-patch-for-an-unconfined-version
>     <https://github.com/milikhin/seabass/blob/master/building.md#31-patch-for-an-unconfined-version>)
>     > to set template to Unconfined.
>     >
>     > Please, send me a message if you have any questions about app or build
>     > process.
>     >
>     > Best regards,
>     > Mikhael Milikhin
>     >
>     >
> 
>

Attachment: signature.asc
Description: OpenPGP digital signature