Code review comment for lp:~michihenning/unity-scopes-api/scope-cache-dir

Jamie Strandboge (jdstrand) wrote :

> > https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfinement but
> > iiuic Qt itself was patched to build the directory based on a few envvars. Imo
> > we should just do the same, after all the path has to be "prefix + scope_id",
> > and the prefix can be passed as an envvar - it's not like a single process can
> > be both unconfined and leaf-net at the same time.
>
> I'm still not happy about this, as I mentioned earlier: if we have multiple
> instances of the run time in a single address space, the setting will be wrong
> for all but one of them.
>
> But getting the value into the scope is just a side-issue. The real problem is
> that I don't know how to figure out what to set "prefix" to. It seems I can't
> even reliably get at all the manifests for pre-installed, OEM, and click
> scopes.
>
> Jamie, instead of having something like
> $HOME/.local/share/unity-scopes/leaf-net/<scope_id>, could we get rid of the
> "leaf-fs"/"leaf-net"/"aggregator"/"confined" sub-directory?
>
> If so, we could just make it $HOME/.local/share/unity-scopes/data_home/<scope_id>.
>
> The core problem here is that I don't know which confinement profile belongs
> to what scope ID, so I don't know how to set the path correctly. If we have a
> path that doesn't change depending on the confinement profile, the problem
> would go away because the prefix would be independent of the confinement type.

As mentioned, that breaks the confinement separation for the case when a scope changes from leaf-fs to leaf-net. We need to have these scope types (eg, leaf-net, leaf-fs) for whenever we confine both types. Putting it in $HOME/.local/share/unity-scopes/<scope_id> or $HOME/.local/share/unity-scopes/data_home/<scope_id> breaks that.

People have asked what apps do: apps are different because there is no concept of 'local-fs'. All apps are expected to be able to have network access, and all the app templates are very tightly confined. leaf-fs and aggregator scopes are very different from apps in that by design they need wide access to the user's data.

Why not just add this to the scope runner .ini file:
[ScopeConfig]
Type=Network # or LocalContent or Aggregator

The downside is the scope author has to keep this in sync with the declared template in the security manifest, but that is something the SDK can help with (not to mention, people shouldn't be changing from one scope type to another except in the most unusual circumstances).
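The following is an added example, not code from unity-scopes-api or from any of the commenters, of the kind of SDK-side check Jamie describes: read the proposed [ScopeConfig] Type from the scope .ini, derive the per-confinement data directory ($HOME/.local/share/unity-scopes/<leaf-net|leaf-fs|aggregator>/<scope_id>), and verify that Type agrees with the template declared in the click security manifest. The ini section and Type values, and the sub-directory names, are taken from the thread; the manifest being JSON with a "template" key, and the template names (ubuntu-scope-network, ubuntu-scope-local-content, ubuntu-scope-aggregator) are assumptions for illustration. The scope_id sanity check is an addition of this example, not something the thread discusses.

```python
import configparser
import json
import os
from typing import Optional, Tuple

# Proposed [ScopeConfig] Type values (from the thread) mapped to the
# per-confinement sub-directory under ~/.local/share/unity-scopes.
TYPE_TO_SUBDIR = {
    "Network": "leaf-net",
    "LocalContent": "leaf-fs",
    "Aggregator": "aggregator",
}

# ASSUMPTION: template names in the click security manifest. The thread only
# says "the declared template in the security manifest"; these names and the
# JSON "template" key are illustrative, not taken from the page.
SUBDIR_TO_TEMPLATE = {
    "leaf-net": "ubuntu-scope-network",
    "leaf-fs": "ubuntu-scope-local-content",
    "aggregator": "ubuntu-scope-aggregator",
}

# Constructed sample inputs (not real scope files).
INI_OK = "[ScopeConfig]\nType=Network # or LocalContent or Aggregator\n"
MANIFEST_NET = json.dumps({"template": "ubuntu-scope-network",
                           "policy_groups": [], "policy_version": 1.2})
MANIFEST_FS = json.dumps({"template": "ubuntu-scope-local-content",
                          "policy_groups": [], "policy_version": 1.2})


def scope_type_from_ini(ini_text: str) -> Optional[str]:
    """Return the [ScopeConfig] Type value, ignoring trailing '#'/';' comments."""
    cp = configparser.ConfigParser(inline_comment_prefixes=("#", ";"))
    cp.read_string(ini_text)
    return cp.get("ScopeConfig", "Type", fallback=None)


def validate_scope_id(scope_id: str) -> str:
    """Reject scope ids that could escape the per-scope directory.

    Added safety check for this example: a scope_id containing a path
    separator or '..' would let one scope's prefix resolve into another's.
    """
    if (not scope_id or "/" in scope_id or "\\" in scope_id
            or scope_id in (".", "..") or ".." in scope_id.split("/")):
        raise ValueError("invalid scope_id: %r" % scope_id)
    return scope_id


def data_dir_for(scope_type: str, scope_id: str, home: str) -> str:
    """Build $HOME/.local/share/unity-scopes/<subdir>/<scope_id> for a Type."""
    if scope_type not in TYPE_TO_SUBDIR:
        raise ValueError("unknown scope type: %r" % scope_type)
    validate_scope_id(scope_id)
    return os.path.join(home, ".local", "share", "unity-scopes",
                        TYPE_TO_SUBDIR[scope_type], scope_id)


def template_from_manifest(manifest_json: str) -> Optional[str]:
    """Return the security template declared in the (assumed JSON) manifest."""
    return json.loads(manifest_json).get("template")


def check_consistency(ini_text: str, manifest_json: str) -> Tuple[bool, str]:
    """Verify that the ini Type and the manifest template describe the same
    confinement type; returns (ok, reason)."""
    scope_type = scope_type_from_ini(ini_text)
    if scope_type not in TYPE_TO_SUBDIR:
        return False, "missing or unknown [ScopeConfig] Type: %r" % scope_type
    expected = SUBDIR_TO_TEMPLATE[TYPE_TO_SUBDIR[scope_type]]
    actual = template_from_manifest(manifest_json)
    if actual != expected:
        return False, "Type=%s expects template %s but manifest declares %s" % (
            scope_type, expected, actual)
    return True, ""


if __name__ == "__main__":
    home = os.path.expanduser("~")
    print(data_dir_for(scope_type_from_ini(INI_OK), "com.example.foo_foo", home))
    print(check_consistency(INI_OK, MANIFEST_NET))
    print(check_consistency(INI_OK, MANIFEST_FS))
```

Because the sub-directory is derived from Type rather than from the manifest, a scope whose ini says Network but whose manifest still declares the local-content template is flagged before it gets a leaf-net data directory; that is the "keep in sync" failure the comment above is worried about.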
