On Wed, Jun 15, 2016 at 05:08:07PM +0200, Alexander Larsson wrote: > Snappy fundamentally relies on apparmour to do confinement (i.e. it > doesn't use filesystem namespaces like flatpak), how does this work on > fedora? You can't use selinux and apparmour at the same time, so this > shouldn't be able to work, unless they disable the containment feature.
As I understand it, that's exactly what they do — there's a new "--disable-confinement" flag which is used¹. Additionally the COPR instructions² ask users to switch SELinux to permissive mode for F24 (but note that "this restriction will be lifted later). 1. http://copr-dist-git.fedorainfracloud.org/cgit/zyga/snapcore/snap-confine.git/tree/snap-confine.spec?id=09ccbb9f0537e2f519b18c8d8ef5613f1cabf5cc 2. https://copr.fedorainfracloud.org/coprs/zyga/snapcore/ -- Matthew Miller <mat...@fedoraproject.org> Fedora Project Leader -- devel mailing list devel@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
