| Thread Previous • Date Previous • Date Next • Thread Next |
On 08/14/2013 02:07 AM, Thomas Voß wrote:
> Hey Fabio,
>
> no, applications are not allowed to run in background. Our application
> lifecycle is strict in this respect and we only guarantee focused
> applications to be running.
>
Well... I think saying applications are not allowed to do it is too strong-- the
AppArmor profile doesn't enforce this because we have these rules:
@{CLICK_DIR}/@{APPNAME}/@{APPVERSION}/** mrklix,
owner @{HOME}/.local/share/@{APPNAME}/** mrwklix,
For those not familiar with apparmor, that means that an app is able to execute
code that is in its install directory and its writable area, inheriting the
policy of the parent. We did this because we don't know what app developers will
want to do (eg, it might completely legitimate for an app author to write a
helper program and execute it). To not put artificial limits on app authors, I
believe this is the correct approach for application confinement.
Of course, this allows an app to create a daemon and run it. To me, running a
daemon should be considered poor form and something that would be handled via
app reviews ("when I install the app, my battery drains a lot faster-- this
stinks!"). I think it would be better to say that application lifecycle does not
(currently?) support running daemons in the background, and doing so may result
in misbehavior.
--
Jamie Strandboge http://www.ubuntu.com/
Attachment:
signature.asc
Description: OpenPGP digital signature
| Thread Previous • Date Previous • Date Next • Thread Next |
