OK, latest version now uses a ConfinementType setting in <scope_id>.ini.
The setting can be either "leaf-net" or "unconfined".
The default is "leaf-net", so scope authors are unaffected. If an unconfined scope wants to use the cache dir, it needs to set this to "unconfined".
cache_directory() returns the appropriate path, with the type substituted:
$HOME/.local/share/unity-scopes/<type>/<scope_id>
The registry creates the directory if it doesn't exist, with permissions 0700.
For now, I think this is good enough. It gets us off the hook until AppArmor can provide a fancier query API.
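The setting-to-path mapping and the 0700 directory creation described in the comment above, as an added example that is not part of the original comment or of the unity-scopes-api code. All function names are hypothetical; the scope-id character set, the use of 0700 on every level, and `data_home` standing in for `$HOME/.local/share` are assumptions of this example.

```cpp
// Added example, not unity-scopes-api code; all function names are hypothetical.
#include <cerrno>
#include <cstdio>
#include <cstdlib>
#include <stdexcept>
#include <string>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

// Accept only the two values named in the comment, so the <type> component
// can never contain "/" or "..". An empty value means the setting is absent.
std::string confinement_type(const std::string& ini_value) {
    if (ini_value.empty()) return "leaf-net";
    if (ini_value == "leaf-net" || ini_value == "unconfined") return ini_value;
    throw std::invalid_argument("bad ConfinementType: " + ini_value);
}

// Create path with mode 0700, or check an existing entry: it must be a real
// directory (not a symlink) owned by us; any other mode is reset to 0700.
std::string ensure_private_dir(const std::string& path) {
    if (mkdir(path.c_str(), 0700) != 0 && errno != EEXIST)
        throw std::runtime_error("mkdir failed: " + path);
    int fd = open(path.c_str(), O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) throw std::runtime_error("not an openable directory: " + path);
    struct stat st;
    bool ok = fstat(fd, &st) == 0 && st.st_uid == geteuid() &&
              ((st.st_mode & 07777) == 0700 || fchmod(fd, 0700) == 0);
    close(fd);
    if (!ok) throw std::runtime_error("not private: " + path);
    return path;
}

// data_home stands for $HOME/.local/share. Assumptions: scope ids use only
// [A-Za-z0-9._-] and do not start with '.'; every level created is 0700.
std::string make_cache_dir(const std::string& data_home,
                           const std::string& ini_value, const std::string& scope_id) {
    static const char ok[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-";
    if (scope_id.empty() || scope_id[0] == '.' ||
        scope_id.find_first_not_of(ok) != std::string::npos)
        throw std::invalid_argument("bad scope id: " + scope_id);
    std::string type = confinement_type(ini_value);  // validate before touching disk
    std::string top = ensure_private_dir(data_home + "/unity-scopes");
    return ensure_private_dir(ensure_private_dir(top + "/" + type) + "/" + scope_id);
}

int main() {
    char tmpl[] = "/tmp/scope-demo-XXXXXX";  // constructed stand-in for data_home
    return mkdtemp(tmpl) ? std::puts(make_cache_dir(tmpl, "unconfined", "demo").c_str()) < 0 : 1;
}
```

Opening the directory with `O_NOFOLLOW` and then using `fstat`/`fchmod` on the descriptor keeps the ownership check and the mode change on the same object, so a symlink planted at the cache path is rejected rather than followed.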