ubuntu-appstore-developers team mailing list archive
-
ubuntu-appstore-developers team
-
Mailing list archive
-
Message #00241
Re: Summary of my understandings
On 07/11/2013 12:38 PM, Jamie Strandboge wrote:
> On 07/11/2013 10:31 AM, Colin Watson wrote:
>> On Thu, Jul 11, 2013 at 09:40:30AM -0500, Ted Gould wrote:
>>> A click package will have a version number defined, and will be
>>> installed in a separate directory based on the version number. This
>>> directory will be /opt/click.ubuntu.com/$(package)/$(version)/
>>
>> You must not rely on this directory. It may change, particularly to
>> support things like non-removable preinstalled apps in the system
>> partition, or other cases of OEM apps.
>>
>
> Not having a predictable location breaks application confinement. We necessarily
> need to know where apps are going to be installed. This can be solved by having
> different templates for the different install locations. It can also be solved
> by saying these apps don't use application confinement.
>
Actually, we have some flexibility here because of aa-clicktool. The manifest
could specify "click_dir" (could be named anything) like so:
{
"name": "com.ubuntu.developer.username.myapp",
"version": "0.1",
"maintainer": "Your Name <your.name@xxxxxxxxxxx>",
"title": "My Cool App",
"framework": "ubuntu-sdk-13.10",
"click_dir": "/some/other/place",
"security": {
"profiles": {
"myapp.desktop": {
"policy_groups": [
"networking"
],
"policy_version": 1.0
}
}
}
}
If aa-clicktool sees that "click_dir" is in the click manifest, it will set via
a template var for the following apparmor variable:
@{CLICK_DIR}="/some/other/place"
or if not present, default to:
@{CLICK_DIR}="/opt/click.ubuntu.com"
We then have in our apparmor profile rules like:
# Click packages
@{CLICK_DIR}/@{APPNAME}/@{APPVERSION}/ r,
@{CLICK_DIR}/@{APPNAME}/@{APPVERSION}/** r,
@{CLICK_DIR}/@{APPNAME}/@{APPVERSION}/**/ r,
--
Jamie Strandboge http://www.ubuntu.com/
Attachment:
signature.asc
Description: OpenPGP digital signature
Follow ups
References
