
ubuntu-appstore-developers team mailing list archive

click-desktop, upstart-app-launch-desktop and AppArmor

 

Hi!

IIRC, the plan all along was to remove the click-desktop hook in favor of the
upstart-app-launch-desktop. I reviewed upstart-app-launch and it is working well
('start application APP_ID=$pkgname_$appname_$version' launches apps under
confinement on 3.10 kernels; a patch is pending for 3.11). That's great!

One thing that has had me concerned though is that apps are going to be hitting
the appstore and more than just Unity users should be able to use them. My
understanding is that flavors and derivatives would either have to create their
own launcher based on Ted's click-exec or we could be sneaky and start the
upstart job via the desktop file. That won't work on systems that use an upstart
user session. I then noticed that both the click-desktop and
upstart-app-launch-desktop hooks are on my system, and they both run. The
application-click upstart job uses click-exec to find the desktop file by using
'click pkgdir' and generates its own exec line for use in the click upstart job.
Meanwhile, the click-desktop hook outputs a desktop file in
~/.local/share/applications that uses aa-exec.

Not sure if all this was planned, but if we keep both the click-desktop and
upstart-app-launch-desktop hooks, then Unity keeps the application lifecycle
goodness and flavors and derivatives don't need to do anything so long as they
can handle normal desktop files, and click will work as expected. :)

If we decide to keep both, then we would want to update click-hook to use a
wrapper around aa-exec to prepare the sandbox environment[1]. Attached is
aa-exec-click that we could use for this. My thought is that I add aa-exec-click
to click-apparmor, then click-hook is adjusted to use aa-exec-click instead.

What do people think?

[1]https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfinement#Launching_applications

-- 
Jamie Strandboge                 http://www.ubuntu.com/
#!/bin/sh
# ------------------------------------------------------------------
#
#    Copyright (C) 2013 Canonical Ltd.
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

set -e

# Wrapper around aa-exec to set various click variables:
# https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfinement#Launching_applications
#
# The command line mirrors aa-exec's. Only -p is interpreted here (to derive
# the package name); the whole argument list, -p included, is handed to
# aa-exec unchanged, so aa-exec performs the actual profile transition.

usage() {
    echo "$(basename "$0") -p <profile> <args to aa-exec> -- <command> <arg1> ..."
}

profile=""
while getopts hp: f ; do
    case "$f" in
        p) profile="$OPTARG";;
        h) usage; exit 0;;
        *) usage; exit 1;;
    esac
done

if [ -z "$profile" ]; then
    usage
    exit 1
fi

# The profile is the click APP_ID (pkgname_appname_version) and pkgname is
# used as a path component below, so refuse anything that could escape it.
case "$profile" in
    */*|.*|_*|*[[:space:]]*)
        echo "invalid profile name: $profile" >&2; exit 1;;
    *_*_*) ;;
    *)
        echo "profile must be of the form pkgname_appname_version" >&2; exit 1;;
esac

# Everything up to the first '_' is the package name
pkgname="${profile%%_*}"

# Make sure we have sane defaults based on the XDG spec
if [ -z "$XDG_CACHE_HOME" ]; then
    export XDG_CACHE_HOME="$HOME/.cache"
fi
if [ -z "$XDG_CONFIG_HOME" ]; then
    export XDG_CONFIG_HOME="$HOME/.config"
fi
if [ -z "$XDG_DATA_HOME" ]; then
    export XDG_DATA_HOME="$HOME/.local/share"
fi
if [ -z "$XDG_RUNTIME_DIR" ]; then
    # $UID is a bash-ism and is unset under /bin/sh (dash), so ask id(1)
    export XDG_RUNTIME_DIR="/run/user/$(id -u)" # Ubuntu-specific
fi

# This may be useful to apps
export APP_ID="$profile"

# Set application isolation environment
export UBUNTU_APPLICATION_ISOLATION=1
# Per-package temporary directory beneath the (already 0700) runtime dir
export TMPDIR="$XDG_RUNTIME_DIR/confined/$pkgname"
mkdir -p "$TMPDIR" || true   # non-fatal: the app just sees a missing TMPDIR
export __GL_SHADER_DISK_CACHE_PATH="$XDG_CACHE_HOME/$pkgname"

# Hand over to aa-exec; "$@" still holds "-p <profile> ... -- <command> ..."
exec aa-exec "$@"
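
The attached wrapper derives pkgname from whatever -p names and builds a TMPDIR path from it. The sh functions below are an added example, not Jamie's attachment and not part of click-apparmor or click: they validate an APP_ID of the form pkgname_appname_version (assumed here to be exactly three non-empty '_'-separated fields, which is what the spec's naming implies) before any path is derived from it, compute the per-package TMPDIR the launcher would set, and give a launched app a way to confirm it really is running under the expected AppArmor profile by reading /proc/self/attr/current. The function names, the /run/user/<uid> default taken from the wrapper, and the sample ids are the editor's own.

```shell
#!/bin/sh
# Added example (not click-apparmor code): validate a click APP_ID and let a
# launched app check its own confinement. Names and sample ids are assumptions.

# Succeed iff $1 is "pkgname_appname_version": exactly three non-empty,
# '_'-separated fields, with nothing that could become a path component.
click_app_id_valid() {
    case "$1" in
        ''|*/*|.*|*[[:space:]]*) return 1 ;;   # empty, slash, dot-prefix, whitespace
    esac
    case "$1" in
        _*|*_|*__*|*_*_*_*) return 1 ;;        # empty field, or more than three fields
        *_*_*) return 0 ;;                     # exactly three fields
        *) return 1 ;;                         # fewer than three fields
    esac
}

# Split a validated id into its parts (pure parameter expansion, no forks).
click_pkgname() { printf '%s\n' "${1%%_*}"; }
click_appname() { _rest="${1#*_}"; printf '%s\n' "${_rest%%_*}"; }
click_version() { printf '%s\n' "${1##*_}"; }

# Per-package TMPDIR the launcher would export. $2 is XDG_RUNTIME_DIR and
# defaults to the Ubuntu-specific /run/user/<uid>. Fails silently on a bad id,
# so a malformed -p value can never turn into "confined/../something".
click_tmpdir() {
    click_app_id_valid "$1" || return 1
    _rt="${2:-/run/user/$(id -u)}"
    printf '%s\n' "$_rt/confined/$(click_pkgname "$1")"
}

# Name of the AppArmor profile the caller runs under. The kernel reports
# "profile (mode)" for confined tasks and "unconfined" otherwise; if the attr
# file is absent or unreadable (AppArmor not active) report unconfined too.
aa_current_profile() {
    _p=unconfined
    if [ -r /proc/self/attr/current ]; then
        _p=$(cat /proc/self/attr/current 2>/dev/null) || _p=unconfined
    fi
    printf '%s\n' "${_p%% (*}"
}

# Succeed iff the caller is confined by the profile named in $1. An app
# started via "aa-exec -p $APP_ID" can call this with "$APP_ID" to make sure
# the launcher did what it promised before touching user data.
aa_confined_as() {
    [ "$(aa_current_profile)" = "$1" ]
}

# Human-readable summary for one id; returns 1 when the id is rejected.
click_report() {
    if ! click_app_id_valid "$1"; then
        echo "invalid app id: $1" >&2
        return 1
    fi
    echo "pkgname=$(click_pkgname "$1") appname=$(click_appname "$1") version=$(click_version "$1")"
    echo "tmpdir=$(click_tmpdir "$1")"
    echo "current profile: $(aa_current_profile)"
}
```

Running `click_report com.example.foo_foo_0.1` from an unconfined shell prints the split fields and a TMPDIR under /run/user/<uid>/confined/com.example.foo followed by "current profile: unconfined"; the same call from inside an app launched with the wrapper should report the APP_ID as the profile, and `aa_confined_as "$APP_ID"` is the one-line form of that check.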
