
Sandboxed file access

Posted Sep 6, 2012 1:25 UTC (Thu) by mhall119 (guest, #57124)
In reply to: Sandboxed file access by geofft
Parent article: Ubuntu's new app developer upload process proposal

The spec has been updated for clarity to address some of your concerns.

While it wasn't previously specified, the default AppArmor policies did in fact give read and write access to user-level configuration directories for the application, so saving games or user settings is possible by default.

The Helpers section is more vague, mostly because the discussions around them haven't been going on as long as those around AppArmor itself. I have updated that section to include additional ways we can promote their use among developers.


Sandboxed file access

Posted Sep 6, 2012 1:40 UTC (Thu) by geofft (subscriber, #59789)

Thanks! Yeah, I did realize after I made this comment that it was unclear to me whether the AppArmor policies defaulted to granting home directory access or not. (I _think_ from the abstractions listed when I checked yesterday that they don't, but I wasn't sure.) Certainly the private-data abstraction seemed redundant, if home directories were outright denied.

I'm still unsure from the most recent edit whether you're doing an Apple-style permission to access one particular subdirectory of the user's home directory, or allowing access to the entire home directory (other than private-data). If the latter, it's unclear to me what the helper dialog would do -- do users commonly have files they want to access that are _not_ in their home directory? (I guess, assuming the default umask hasn't changed, "reading other users' files" is arguably relevant.)

Anyway, I do mean to reply on the mailing list once I have some more coherent thoughts together.

Sandboxed file access

Posted Sep 6, 2012 2:21 UTC (Thu) by dlang (✭ supporter ✭, #313)

What it sounds like to me is that the app will have a directory that it can use to save its own data using the 'standard' I/O routines,

but if it wants to get access to files outside of that sandbox, it's not going to have any choice other than to use the helper.

Sandboxed file access

Posted Sep 6, 2012 18:59 UTC (Thu) by mhall119 (guest, #57124)

Apps won't have access to the user's home directory by default, but they will have access to ~/.config/{appname}/ by default, which they can use to store configuration and user data.

My understanding of the private-data abstraction is that using it will prevent access to those directories (~/.gnupg, ~/.ssh, etc) even if some other abstraction (or helper) gives access to a parent directory (~/).
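The default policy mhall119 describes, written out as an AppArmor profile. This is an added illustration, not Ubuntu's actual profile or text from the spec; the application name `example-app`, its install path, and the exact permission modes are assumptions. It spells out the private-data effect as explicit deny rules rather than including an abstraction, which makes the precedence visible: in AppArmor a `deny` rule overrides any `allow` rule in the same profile, so even a later rule granting `@{HOME}/**` (say, one added for a helper) would still leave `~/.ssh` and `~/.gnupg` unreachable.

```apparmor
# Added example profile (not from the spec). Assumed binary path and app name.
#include <tunables/global>

/opt/example-app/bin/example-app {
  #include <abstractions/base>

  # The application's own executable
  /opt/example-app/bin/example-app mr,

  # Default grant: the per-application XDG config directory only.
  # 'owner' restricts this to files owned by the user running the app.
  owner @{HOME}/.config/example-app/ rw,
  owner @{HOME}/.config/example-app/** rwk,

  # Private data stays denied even if another rule grants a parent directory.
  # 'audit' logs the attempt so a misbehaving app shows up in the kernel log.
  audit deny @{HOME}/.ssh/ rw,
  audit deny @{HOME}/.ssh/** mrwkl,
  audit deny @{HOME}/.gnupg/ rw,
  audit deny @{HOME}/.gnupg/** mrwkl,

  # Everything else under the home directory is simply absent from the
  # profile, so the default-deny behaviour of AppArmor applies to it.
}
```

To try it, save the profile under `/etc/apparmor.d/` (by convention as `opt.example-app.bin.example-app`), load it with `sudo apparmor_parser -r <that file>`, and run the binary; denied accesses appear as `apparmor="DENIED"` entries in the kernel log.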

Sandboxed file access

Posted Sep 7, 2012 8:59 UTC (Fri) by krake (subscriber, #55996)

Shouldn't they also get access to ~/.local/share/{appname} for storing data rather than config?

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds