touch-packages team mailing list archive

[Jamie Strandboge <jamie@xxxxxxxxxx>]

"Is it OK to drop the leaf-net and unconfined components from the path?
Currently, a confined scope relies on being able to create the final
path component *itself* by calling mkdir(). So, assuming that
~/.local/share/unity-scopes/leaf-net exists, the scope will try to
create ~/.local/share/unity-scopes/leaf-net/@{APP_PKG_NAME}."

No. This is important for isolation between scopes if we ever decide to
support other scope templates to protect against certain types of
attacks via differently versioned apps.

** Also affects: click-reviewers-tools (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: click-reviewers-tools (Ubuntu)
       Status: New => In Progress

** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
       Status: Triaged => In Progress

** Changed in: click-reviewers-tools (Ubuntu)
   Importance: Undecided => High

** Changed in: click-reviewers-tools (Ubuntu)
     Assignee: (unassigned) => Jamie Strandboge (jdstrand)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1384286

Title:
  add directory allowing scopes and apps to share data

Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  In Progress
Status in “click-reviewers-tools” package in Ubuntu:
  In Progress

Bug description:
  Summary says it all, just need to decide on the directory. I propose using this rule:
    # Allow scopes to share data with the app shipped in the same click
    owner @{HOME}/.local/share/@{APP_PKGNAME}/            rw,
    owner @{HOME}/.local/share/@{APP_PKGNAME}/**          mrwkl,

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor-easyprof-ubuntu/+bug/1384286/+subscriptions