unity-scopes-api

Code review comment for lp:~michihenning/unity-scopes-api/scope-cache-dir

scope-cache-dir
Merge into devel

Revision history for this message

Michal Hruby (mhr3) wrote on 2014-07-16:

> On the scope side, during initialization of the run time, we go to the
> registry and grab the metadata, so cache_directory() can return the correct
> location.

Eh, remote call during startup? /me frowns.

>
> Down-sides and questions:
>
> - If no registry is running, we have to wait for the metadata() call to time
> out. Currently, the default timeout is 5 seconds, due to the slow emulator
> problem. This will probably break some tests, and will be inconvenient during
> development. The work-around would be to change the default registry timeout
> to something short, so things don't hang around all the time waiting to time
> out.
>
> - I can look through /var/lib/apparmor/clicks for JSON files. In there, I find
> things such as
>
> com.ubuntu.clock_clock_1.0.430.json
> com.ubuntu.music_music_1.3.511.json
>
> When I look at the clock one, I see:
>
> {
> "policy_groups": [
> "calendar",
> "networking"
> ],
> "policy_version": 1.1
> }
>
> When I look at the music one, I see:
>
> {
> "policy_version": 1.2,
> "template": "unconfined",
> "policy_groups": []
> }
>
> So, it's not clear to me what exactly I should be parsing ("template" or
> "policy_groups") to figure out whether a scope is leaf-net or
> aggregator/unconfined.

According to our tutorial:

> "template": "ubuntu-scope-network"

Is what you should find in the manifest.

> - We have scopes that come pre-installed, scopes installed by the OEM, plus
> scopes installed by the user(s). Is it sufficient to look through
> /var/lib/apparmor/clicks to guarantee that I won't be missing any scopes? For
> the approach I outlined above, I need to be sure that I find something for
> every local scope.

You won't, obviously only click-packaged scopes will have there something.

> - I'm questioning the wisdom of what I suggested above. It seems that the
> registry is forced to do a lot more than it should have to just so it can let
> a scope know what its writable tmp dir is. Isn't this something that should
> somehow be available via an apparmor call? Or should there be a way for click
> to be able to create the directory in the right place?

Sounds reasonable to me, but can't answer that.

>
> - There are potentially many cache and settings directories for a single scope
> (one for each user). When a new user is added to the device, who should create
> the cache dir and settings dir?

The registry again. Afterall it's run per-user.

> On the scope side, during initialization of the run time, we go to the
> registry and grab the metadata, so cache_directory() can return the correct
> location.

Eh, remote call during startup? /me frowns.

> 
> Down-sides and questions:
> 
> - If no registry is running, we have to wait for the metadata() call to time
> out. Currently, the default timeout is 5 seconds, due to the slow emulator
> problem. This will probably break some tests, and will be inconvenient during
> development. The work-around would be to change the default registry timeout
> to something short, so things don't hang around all the time waiting to time
> out.
> 
> - I can look through /var/lib/apparmor/clicks for JSON files. In there, I find
> things such as
> 
> com.ubuntu.clock_clock_1.0.430.json
> com.ubuntu.music_music_1.3.511.json
> 
> When I look at the clock one, I see:
> 
> {
>     "policy_groups": [
>         "calendar",
>         "networking"
>         ],
>     "policy_version": 1.1
> }
> 
> When I look at the music one, I see:
> 
> {
>     "policy_version": 1.2,
>     "template": "unconfined",
>     "policy_groups": []
> }
> 
> So, it's not clear to me what exactly I should be parsing ("template" or
> "policy_groups") to figure out whether a scope is leaf-net or
> aggregator/unconfined.

According to our tutorial:

>  "template": "ubuntu-scope-network"

Is what you should find in the manifest.

You won't, obviously only click-packaged scopes will have there something.

Sounds reasonable to me, but can't answer that.

> 
> - There are potentially many cache and settings directories for a single scope
> (one for each user). When a new user is added to the device, who should create
> the cache dir and settings dir?

The registry again. Afterall it's run per-user.

« Back to merge proposal