ubuntu-appstore-developers team mailing list archive

Re: Summary of my understandings

 

On 07/11/2013 12:38 PM, Jamie Strandboge wrote:
> On 07/11/2013 10:31 AM, Colin Watson wrote:
>> On Thu, Jul 11, 2013 at 09:40:30AM -0500, Ted Gould wrote:

...
>>
>>> When the security hook runs it will create an AppArmor profile of the
>>> name $(click package)_$(application)_$(version) that the application
>>> should be confined with.
>>
> 
> That is correct-- it looks at the name and version from the toplevel manifest
> and each key from the manifest['security']['profiles'] dictionary to create the
> profile names for different desktop files. We may only ship support for one desktop
> file initially, but the apparmor click hook won't be limited by that going forward.
> 
>>
>>> The same pattern as above should be considered the "Application ID" for
>>> all usage throughout the system.  Including identifying the application
>>> to Mir/HUD/etc.
>>
> This keeps us in sync and I agree it is the correct approach. It handles
> namespacing well and keeps everything in sync between the different components
> (apparmor profile name, apparmor profile filename, APP_ID, etc).
> 
> There is an interesting new requirement (to me anyway) that core applications
> will be packaged as click and some will not be confined (eg, the terminal app).
> While the hugely vast majority of apps will be confined (any unconfined apps
> will require manual review and not be automatically accepted), the manifest file
> needs to support this. 
...
> 
> I think a better idea is do this for unconfined apps:
>  {
>    "name": "com.ubuntu.developer.username.myapp",
>    "version": "0.1",
>    "maintainer": "Your Name <your.name@xxxxxxxxxxx>",
>    "title": "My Cool App",
>    "framework": "ubuntu-sdk-13.10",
>    "security": {
>      "profiles": {
>        "myapp.desktop": {
>          "template": "unconfined"
>        },
>        "myapp-camera.desktop": {
>          "template": "unconfined"
>        }
>      }
>    }
>  }
> 
> In other words, my team provides an unconfined template and everything else
> stays exactly the same (ie, no special casing-- we generate a (permissive)
> apparmor profile of the form of $(click package)_$(application)_$(version) and
> the upstart job can 'apparmor switch' into it just as with confined apps).
> 
> I like this because it is consistent with our current implementation.

Discussed this with my team and decided this is the best approach. Implemented
in apparmor-easyprof-ubuntu 1.0.4, just uploaded to saucy. I'll update the wiki now.

In other words, no special casing for click, hooks, Unity, upstart-app-launch, etc.


-- 
Jamie Strandboge                 http://www.ubuntu.com/
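
Added example, not part of the original message and not the apparmor click hook's own code: a manifest check that derives the $(click package)_$(application)_$(version) profile names discussed above and flags profiles using the "unconfined" template for manual review. It assumes the application part is the profiles key with ".desktop" stripped; the function name, the sample manifest and the character check are constructed for illustration.

```python
import json

# Constructed sample manifest, modelled on the one quoted in the message.
SAMPLE_MANIFEST = """
{
  "name": "com.ubuntu.developer.username.myapp",
  "version": "0.1",
  "framework": "ubuntu-sdk-13.10",
  "security": {
    "profiles": {
      "myapp.desktop": {"template": "unconfined"},
      "myapp-camera.desktop": {}
    }
  }
}
"""


def review_manifest(text):
    """Return a sorted list of (profile_name, needs_manual_review) tuples."""
    manifest = json.loads(text)
    pkg, version = manifest["name"], manifest["version"]
    results = []
    for key, opts in sorted(manifest["security"]["profiles"].items()):
        # Assumption: the application part is the key minus ".desktop".
        app = key[:-len(".desktop")] if key.endswith(".desktop") else key
        for part in (pkg, app, version):
            # Added sanity check (not from the thread): "_" is the separator
            # and the name doubles as a filename, so reject "_" and "/".
            if not part or "_" in part or "/" in part:
                raise ValueError("unsafe profile name component: %r" % part)
        name = "%s_%s_%s" % (pkg, app, version)
        # Per the thread, unconfined apps are not automatically accepted.
        results.append((name, opts.get("template") == "unconfined"))
    return results


if __name__ == "__main__":
    for name, manual in review_manifest(SAMPLE_MANIFEST):
        print(name, "MANUAL REVIEW" if manual else "auto")
```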
