snap-confine

Merge lp:~zyga/snap-confine/trunk into lp:~snappy-dev/snap-confine/trunk

trunk
Merge into trunk

Proposed by Zygmunt Krynicki on 2016-03-04

Status:	Rejected
Rejected by:	Zygmunt Krynicki on 2016-05-23
Proposed branch:	lp:~zyga/snap-confine/trunk
Merge into:	lp:~snappy-dev/snap-confine/trunk
Diff against target:	36 lines (+7/-2) 3 files modified debian/changelog (+5/-0) src/80-snappy-assign.rules (+1/-1) src/main.c (+1/-1)
To merge this branch:	bzr merge lp:~zyga/snap-confine/trunk
Related bugs:	Link a bug report

Reviewer	Date Requested	Status
Zygmunt Krynicki		Disapprove on 2016-03-04
Jamie Strandboge	2016-03-04	Pending
Review via email: mp+288116@code.launchpad.net

Description of the change

This branch changes ubuntu-core-launcher to use variables that accurately represent the effects that are happening. udev-based device assignment is snap-wide, not app-wide.

Revision history for this message

Zygmunt Krynicki (zyga) wrote on 2016-03-04:

Rejecting since we've just decided to support per-app security.

review: Disapprove

Unmerged revisions

98. By Zygmunt Krynicki on 2016-03-04: Use SNAP_NAME instead of SNAPPY_APP to insert block and character devices
into the control group since the setting was always global to a snap and
the name was misleading.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Snappy Developers

Tyler Hicks

Zygmunt Krynicki

1	=== modified file 'debian/changelog'
2	--- debian/changelog 2016-02-26 18:18:46 +0000
3	+++ debian/changelog 2016-03-04 15:30:36 +0000
4	@@ -3,6 +3,11 @@
5	[ Jamie Strandboge ]
6	* src/main.c: don't set the obsoleted SNAPP_APP_TMPDIR (LP: #1550405)
7
8	+ [ Zygmunt Krynicki ]
9	+ * Use SNAP_NAME instead of SNAPPY_APP to insert block and character devices
10	+ into the control group since the setting was always global to a snap and
11	+ the name was misleading.
12	+
13	-- Jamie Strandboge <jamie@ubuntu.com> Fri, 26 Feb 2016 12:17:31 -0600
14
15	ubuntu-core-launcher (1.0.18) xenial; urgency=medium
16
17	=== modified file 'src/80-snappy-assign.rules'
18	--- src/80-snappy-assign.rules 2015-04-18 14:54:33 +0000
19	+++ src/80-snappy-assign.rules 2016-03-04 15:30:36 +0000
20	@@ -1,2 +1,2 @@
21	# add/remove snap package access to assigned devices
22	-TAG=="snappy-assign", RUN+="/lib/udev/snappy-app-dev $env{ACTION} $env{SNAPPY_APP} $devpath $major:$minor"
23	+TAG=="snappy-assign", RUN+="/lib/udev/snappy-app-dev $env{ACTION} $env{SNAP_NAME} $devpath $major:$minor"
24
25	=== modified file 'src/main.c'
26	--- src/main.c 2016-02-26 18:18:46 +0000
27	+++ src/main.c 2016-03-04 15:30:36 +0000
28	@@ -110,7 +110,7 @@
29	if (udev_enumerate_add_match_tag (devices, "snappy-assign") != 0)
30	die("udev_enumerate_add_match_tag");
31
32	- if(udev_enumerate_add_match_property (devices, "SNAPPY_APP", appname) != 0)
33	+ if(udev_enumerate_add_match_property (devices, "SNAP_NAME", appname) != 0)
34	die("udev_enumerate_add_match_property");
35
36	if(udev_enumerate_scan_devices(devices) != 0)