On 07/18/2013 12:16 PM, Steve Beattie wrote:
> On Thu, Jul 18, 2013 at 11:17:13AM +0100, Colin Watson wrote:
>> Right. For this reason, you mustn't hardcode /opt/click.ubuntu.com/ in
>> the AppArmor hook, or otherwise try to construct package unpack
>> directories yourself. Instead, fully dereference ("readlink -f") the
>> symlink you're given (which will be to apparmor/myapp.json or whatever's
>> specified), step up until you find a directory containing a .click
>> subdirectory, and that's the package unpack directory.
>>
>> (I have a pending merge proposal from Ted to add "click pkg-dir"; I want
>> to think about that in light of this and see if perhaps I can offer a
>> general helper. But for the time being it's OK to do it by hand.)
>
> I suspect a helper would be useful, to eliminate repeated
> re-implementations, some more error-prone than others. But it's
> obviously not a blocker.
>
>> If files referenced in hooks need to know any of this information, then
>> I think the right thing to do is to write them in a templated form and
>> for the hook code to apply substitutions. I certainly agree that we
>> should apply a Don't Repeat Yourself rule.
>>
>>> That in fact is why the apparmor hook would be parsing apart the
>>> symlink name, as it encapsulates the global information from the
>>> manifest that apparmor is interested in.
>>
>> Is this obviated by the algorithm I described above for unpack directory
>> discovery, or do you still need to parse the symlink name for something
>> else?
>
> The algorithm you describe is sufficient. Thanks, Colin, I like this
> design better all around.
> Marc, Colin, Steve, and Ted: are we all in agreement as to the new format? If yes, to make sure we are all on the same page, for application confinement: * aa-clicktool updated to dereference symlinks and handle new json format * apparmor-easyprof-ubuntu updated for CLICK_DIR * manifest wiki updated for new format Steve, you handle the first and I'll handle the other two. -- Jamie Strandboge http://www.ubuntu.com/
signature.asc
Description: OpenPGP digital signature
-- Mailing list: https://launchpad.net/~ubuntu-appstore-developers Post to : [email protected] Unsubscribe : https://launchpad.net/~ubuntu-appstore-developers More help : https://help.launchpad.net/ListHelp
