On Sun, 2017-04-16 at 21:06 -0400, Michael Hall wrote: > Running a script inside of your snap with either /bin/sh or /bin/bash > should be no problem at all. However looking at your script I see that > you're making dbus calls out to the Plasma Shell, and that *will* be > blocked by the strict confinement. > > You will probably need to get a snapd interface created to support this > dbus interface, or maybe you can use the generic 'dbus' interface and > specify this service, which would have to be manuall connected. I'm > hoping someone from the snapd or security teams can chime in and be more > specific about what your options are here. > It looks like your script is using qdbus to tell the PlasmaShell to run a script for changing the wallpaper to something your snap specifies. Assuming your snap ships qdbus, then the 'only' thing that would be required would be to add a snappy interface to allow access to this dbus call.
A few things things: 1. today we have the 'unity7' interface for use on classic distributions. We'll be introducing gnome and plasma interfaces for running snaps under those DEs 2. it looks like your qdbus command is sending a script over for PlasmaShell to execute. Since plasma shell runs the script in the context of plasma (ie, unconfined), this would allow breaking out of application confinement. If this snappy interface was added, it would be considered a privileged interface 3. is there another wallpaper API or standard KDE command line utility that can be used instead of plasmashell that doesn't allow breaking out of confinement? If so, I recommend using that instead-- then perhaps we can add a 'desktop-wallpaper' interface. For now, feel free to use 'confinement: devmode' in your snap and please file a bug (with the 'snapd-interface' tag) here to request your interface addition: https://bugs.launchpad.net/snapd/+filebug > Michael Hall > [email protected] > > On 04/16/2017 05:13 PM, Eloy García (PC Actual) wrote: > > Hello everybody. > > > > I develop a graphical java-based application which is published in the > > Ubuntu Store as a snap package (sctrict confinment) called > > wallpaperdownloader to download, manage and set desktop wallpapers. > > > > I'm developing version 2.7 which will bring KDE support, but for this I > > need to execute a shell script from Java. In classic confinement and > > natively, this script is executed without problems. I use this code to do > > it: > > > > process = Runtime.getRuntime().exec("/bin/sh " + WDUtilities.getAppPath() + > > WDUtilities.URL_SLASH + WDUtilities.PLASMA_SCRIPT + " " + wallpaperPath); > > > > As you can see, I use /bin/sh command to run the script. This is the > > content of the script: > > > > #!/bin/bash > > > > # Changing wallpaper > > qdbus org.kde.plasmashell /PlasmaShell > > org.kde.PlasmaShell.evaluateScript > > "var allDesktops = desktops();print (allDesktops);for > > (i=0;i<allDesktops.length;i++) {d = > > allDesktops[i];d.wallpaperPlugin = 'org.kde.image';d.currentConfigGroup = > > Array('Wallpaper', 'org.kde.image', 'General');d.writeConfig('Image', > > 'file://"$1"')}" > > > > This command changes the current wallpaper for version 5.8 or higher in > > Plasma. > > > > When this part is executed within the snap package (strict confinement), > > nothing happens. I have tried to include bash and dash pacakges as > > stage-packages but it doesn work. Is this something that can be achieved > > using the snap package system? > > > > Thank you very much! > > > > Best, > > > > Eloy > > > > -- Jamie Strandboge | http://www.canonical.com
signature.asc
Description: This is a digitally signed message part
-- Snapcraft mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
