ubuntu-phone team mailing list archive
-
ubuntu-phone team
-
Mailing list archive
-
Message #06276
Re: Executing binaries from click packages, under confinement
On Mon, 2014-02-03 at 18:05 +0200, Alberto Mardegan wrote:
> I'm now facing the choice of how to implement all the above; my original
> idea was to execute the plugin with aa-exec-click, but before jumping on
> that solution I'd like to double check with a wider audience. I've been
> told that the content hub uses upstart-app-launch instead, so I wonder
> if I should use that instead (but that will only work if the plugins
> install a .desktop file, will it)?
The feature that Content Hub is using I've called "untrusted helpers"
and it has a lot more flexibility than applications do as we're
expecting that the helper managers to do a lot of the lifecycle
management (or setup a trusted session to do it). The original design
was for the Infographic Visualization tools. What it provides for a
developer is that you can use Upstart to do all the PID tracking and
setting up the AppArmor profiles. For me, those are both scary bits of
code, so I'd rather let Upstart handle them :-)
You can see the API here:
http://bazaar.launchpad.net/~ted/upstart-app-launch/untrusted-helper/view/head:/libupstart-app-launch/upstart-app-launch.h#L303
To use it besides using the API is install a small utility that reads
what ever format your helper uses to represent what needs to be executed
(desktop file, JSON, whatever). That goes
in /usr/lib/*/upstart-app-launch/$(helper_type)/exec-tool and it should
set the APP_EXEC Upstart variable. There's a trivial example here:
http://bazaar.launchpad.net/~indicator-applet-developers/infographic-service/trunk.14.04/view/head:/utils/helper-exec-tool.sh
Hope that helps,
Ted
Attachment:
signature.asc
Description: This is a digitally signed message part
Follow ups
References