Things are really coming along! Most of my comments are inline, however I did want to mention that in looking at the mir_demo_server packaging and security policy, I think you can simplify things and have mir_demo_server simply use the default security policy with the @PACKAGE@_client cap. Ie, update the yaml to be:
Things are really coming along! Most of my comments are inline, however I did want to mention that in looking at the mir_demo_server packaging and security policy, I think you can simplify things and have mir_demo_server simply use the default security policy with the @PACKAGE@_client cap. Ie, update the yaml to be:
binaries: bin/mir_ demo_server
- name: mir_demo_server
exec: debs/usr/
caps:
- network-client
- @PACKAGE@_client
Then do: meta/mirdemosvr .apparmor overlay/ meta/mirdemosvr .seccomp
$ rm -f overlay/
Note: framework binaries and services may reference the framework-policy from this snap.