On 09/06/2013 10:02 AM, Alexandre Abreu wrote: > Hi, > > We are working on webapps integrations and click packaging on UbuntuTouch and > trying to address the WebApps confinement details. > > We already had a chat with Jamie about that last week to further trim down the > whole story. > > A bit of rough context before the gist of the email: > > - A Webapp on Touch will be an individual click package with a desktop file, a > set of icons, and possibly (but not strictly mandatory) a snippet of > javascript > along with a manifest file, > > - The webbrowser-app will be used as a container for running the Webapp, and > the > Exec line from the desktop file for each Webapp click package will reflect > that > with something roughly like: > > Exec=webbrowser-app --webapp http://ubuntu.com > > (subject to change) > > with various additional command line options that will be used to tweak the UI > aspect and (restricted) navigation, > > - When running in "Webapp mode", the click-desktop hook will property setup > the > Path in the desktop file and the app will be started with the local package as > the cwd, which will then be used to locate potential snippets that need to be > injected by the webbrowser-app (the local lookup bit needs to be added since > atm > it tries to search for snippets in /usr/share), > > Now the bits that are left: > > 1. how the webbrowser-app should react to that and act in a properly confined > way for each Webapp. The idea there would be to prevent history, bookmarks, > cookies etc. to be shared among the Webapps and obviously with the regular > browser app. > One part of this is having an apparmor template for use by webapps to confine the webbrowser and enforce isolation between webapps for cache/cookies/history/etc. To allow people to play around with something apparmor-easyprof-ubuntu 1.0.23 added the ubuntu-webapp-experimental template. Marc and I talked and we agree that this template is fine to have and so I renamed it ubuntu-webapp in apparmor-easyprof-ubuntu 1.0.30.
Do note that there are a lot of open questions still that need to be answered before people should start using this and we can open the floodgates in the appstore (see Marc and my previous emails and the wiki[1]). [1]https://wiki.ubuntu.com/SecurityTeam/Specifications/WebAppsConfinement -- Jamie Strandboge http://www.ubuntu.com/
signature.asc
Description: OpenPGP digital signature
-- Mailing list: https://launchpad.net/~ubuntu-appstore-developers Post to : [email protected] Unsubscribe : https://launchpad.net/~ubuntu-appstore-developers More help : https://help.launchpad.net/ListHelp
