ubuntu-phone team mailing list archive
-
ubuntu-phone team
-
Mailing list archive
-
Message #11272
Re: Content Hub Questions
On 02/19/2015 03:27 PM, Robert Schroll wrote:
> On Thu, Feb 19, 2015 at 3:49 PM, Jamie Strandboge <jamie@xxxxxxxxxxxxx> wrote:
>> # LP: #1293771
>> # Since fd delegation doesn't exist in the form that we need it at this time,
>> # content-hub will create hard links in ~/.cache/@{APP_PKGNAME}/HubIncoming/
>> # for volatile data. As such, apps should not have write access to anything in
>> # this directory otherwise they would be able to change the source content.
>> deny @{HOME}/.cache/@{APP_PKGNAME}/HubIncoming/** w,
>
> Does this explain why the move() method doesn't actually work, and has to fall
> back to a copy? If so, why try to rename the file when we know that it can't
> possibly work?
>
With the existing policy, if your app is doing the move()ing, then yes, that
would explain it. You need to do a copy if you want it to persist in your app.
...
> 6) Is there anyway to tell that two imports are actually the same original
> file? Short of running md5sum on them, I mean. The filename in HubIncoming
> seems to be the same as the original file. Is that guaranteed?
>
> Maybe I'm being unusually dense, but I'm having trouble understanding how this
> is supposed to be used for long-term file management, as opposed to a quick
> send-this-picture-in-an-email usage.
>
The current implementation doesn't address permanently sharing _writable_ data
between apps. It is not a simple problem to solve well (we want to avoid things
like shared data directories) and it is something that should probably be
discussed again. Permanently sharing _readonly_ (to the shared-with app) data
should not be a particularly difficult problem to solve if it isn't already.
>> Note: an explict deny rule suppresses the denial in the logs
>
> This hasn't tripped me up yet, but in general, I find apparmor problems hard to
> diagnose. (Qt says the directory is writable, but I can't make an files in
> there.) Why suppress the log message and make it even more mysterious?
>
I forget the rationale for not logging the denial. I can say that we could use
'audit deny' instead of 'deny' to achieve the goals of the comment, so this
could arguably be a bug in the policy.
--
Jamie Strandboge http://www.ubuntu.com/
Attachment:
signature.asc
Description: OpenPGP digital signature
References