ubuntu-phone team mailing list archive

Thread
Date

Re: Content Hub Questions

To: Robert Schroll <rschroll@xxxxxxxxx>
From: Jamie Strandboge <jamie@xxxxxxxxxxxxx>
Date: Thu, 19 Feb 2015 17:12:09 -0600
Cc: ubuntu-phone@xxxxxxxxxxxxxxxxxxx
In-reply-to: <1424381248.13591.14@smtp.gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0

On 02/19/2015 03:27 PM, Robert Schroll wrote:
> On Thu, Feb 19, 2015 at 3:49 PM, Jamie Strandboge <jamie@xxxxxxxxxxxxx> wrote:
>> # LP: #1293771
>> # Since fd delegation doesn't exist in the form that we need it at this time,
>> # content-hub will create hard links in ~/.cache/@{APP_PKGNAME}/HubIncoming/
>> # for volatile data. As such, apps should not have write access to anything in
>> # this directory otherwise they would be able to change the source content.
>> deny @{HOME}/.cache/@{APP_PKGNAME}/HubIncoming/** w,
> 
> Does this explain why the move() method doesn't actually work, and has to fall
> back to a copy?  If so, why try to rename the file when we know that it can't
> possibly work?
> 
With the existing policy, if your app is doing the move()ing, then yes, that
would explain it. You need to do a copy if you want it to persist in your app.

...

> 6) Is there anyway to tell that two imports are actually the same original
> file?   Short of running md5sum on them, I mean.  The filename in HubIncoming
> seems to be the same as the original file.  Is that guaranteed?
> 
> Maybe I'm being unusually dense, but I'm having trouble understanding how this
> is supposed to be used for long-term file management, as opposed to a quick
> send-this-picture-in-an-email usage.
> 
The current implementation doesn't address permanently sharing _writable_ data
between apps. It is not a simple problem to solve well (we want to avoid things
like shared data directories) and it is something that should probably be
discussed again. Permanently sharing _readonly_ (to the shared-with app) data
should not be a particularly difficult problem to solve if it isn't already.

>> Note: an explict deny rule suppresses the denial in the logs
> 
> This hasn't tripped me up yet, but in general, I find apparmor problems hard to
> diagnose.  (Qt says the directory is writable, but I can't make an files in
> there.)  Why suppress the log message and make it even more mysterious?
> 
I forget the rationale for not logging the denial. I can say that we could use
'audit deny' instead of 'deny' to achieve the goals of the comment, so this
could arguably be a bug in the policy.

-- 
Jamie Strandboge                 http://www.ubuntu.com/

Attachment: signature.asc
Description: OpenPGP digital signature

References

Content Hub Questions
From: Robert Schroll, 2015-02-18
Re: Content Hub Questions
From: Jamie Strandboge, 2015-02-18
Re: Content Hub Questions
From: Robert Schroll, 2015-02-19
Re: Content Hub Questions
From: Jamie Strandboge, 2015-02-19
Re: Content Hub Questions
From: Robert Schroll, 2015-02-19