"Is it OK to drop the leaf-net and unconfined components from the path? Currently, a confined scope relies on being able to create the final path component *itself* by calling mkdir(). So, assuming that ~/.local/share/unity-scopes/leaf-net exists, the scope will try to create ~/.local/share/unity-scopes/leaf-net/@{APP_PKG_NAME}."
No. This is important for isolation between scopes if we ever decide to support other scope templates to protect against certain types of attacks via differently versioned apps. ** Also affects: click-reviewers-tools (Ubuntu) Importance: Undecided Status: New ** Changed in: click-reviewers-tools (Ubuntu) Status: New => In Progress ** Changed in: apparmor-easyprof-ubuntu (Ubuntu) Status: Triaged => In Progress ** Changed in: click-reviewers-tools (Ubuntu) Importance: Undecided => High ** Changed in: click-reviewers-tools (Ubuntu) Assignee: (unassigned) => Jamie Strandboge (jdstrand) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu in Ubuntu. https://bugs.launchpad.net/bugs/1384286 Title: add directory allowing scopes and apps to share data Status in “apparmor-easyprof-ubuntu” package in Ubuntu: In Progress Status in “click-reviewers-tools” package in Ubuntu: In Progress Bug description: Summary says it all, just need to decide on the directory. I propose using this rule: # Allow scopes to share data with the app shipped in the same click owner @{HOME}/.local/share/@{APP_PKGNAME}/ rw, owner @{HOME}/.local/share/@{APP_PKGNAME}/** mrwkl, To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor-easyprof-ubuntu/+bug/1384286/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp