ubuntu-appstore-developers team mailing list archive

[Ted Gould <ted@xxxxxxxxxxxxx>]

On Mon, 2013-07-15 at 13:31 -0500, Jamie Strandboge wrote:

> On 07/13/2013 12:15 AM, Ted Gould wrote:
> > 
> > There should be two types of hooks, system and user.  System hooks run as the
> > click package user and are expected to do things that are system wide.  User
> > hooks run as the user installing the program and are meant to set up items in
> > the user's individual home directory.  (Q: Is the click package user enough for
> > security?  Do system hooks need to be root?)
> 
> From a security point of view, we prefer the system click hooks to run with the
> least amount of privilege at all times, which is why we recommended a
> non-privileged click user. This is easy enough for things like unpacking and
> maintaining things in /opt/click.ubuntu.com/, but some hooks such as the the
> apparmor click hook will need to run as root for at least part of the time (eg
> to load apparmor policy into the kernel).


Then do you expect the click installer to run as root?  Or that the
apparmor hook would be setuid?  How do you expect the permission
transitions to work?

Ted

Attachment: signature.asc
Description: This is a digitally signed message part