Simplify TMPDIR handling
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Snappy | Status tracked in Trunk | | |
15.04 | Fix Released | High | Michael Vogt |
Trunk | Fix Released | High | Michael Vogt |
Bug Description
This is a meta bug about the issues in our current handling of $TMPDIR and a proposed solution to simplify things again.
The downside of this approach may be that the apparmor rules for /tmp need
to be relaxed in the default policy for snaps. I.e. the security shifts
from the very explicit apparmor to the more implicit/magic ubuntu-
Currently there are various bugs like:
- lp:1457839, lp:1460517
- lp:1462910, lp:1462909, lp:1462905, lp:1462903
I would like to simplify the TMPDIR handling in the following way:
- ubuntu-
- ubuntu-
- ubuntu-
- ubuntu-
- ubuntu-
- update apparmor rules for apps to allow /tmp
- snappy does not set TMPDIR, TEMPDIR, SNAP_TEMP_DIR anymore (that's the launcher's job now) (#1462909)
- check if any documentation needs updating
Related branches
- Tyler Hicks (community): Needs Fixing
- Snappy Developers: Pending requested
- Diff: 163 lines (+38/-74), 4 files modified
  - debian/changelog (+7/-0)
  - debian/usr.bin.ubuntu-core-launcher (+3/-2)
  - src/main.c (+28/-38)
  - tests/test_tmpdir (+0/-34)
- Snappy Developers: Pending requested
- Diff: 45 lines (+9/-1), 2 files modified
  - debian/usr.bin.ubuntu-core-launcher (+1/-1)
  - src/main.c (+8/-0)
I like the design described in this bug description. Since AppArmor will be allowing full access to /tmp/, please make sure that the launcher treats any unexpected conditions as fatal when it is setting up the private /tmp.
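As an added example (not the ubuntu-core-launcher source), here is one way to set up a private /tmp so that every unexpected condition is fatal, as the comment above asks. The function names, the `/tmp/private-tmp.XXXXXX` template and the order of the steps are assumptions; `setup_private_tmp()` needs CAP_SYS_ADMIN.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <unistd.h>

#ifndef CLONE_NEWNS /* hidden if _GNU_SOURCE was not seen before the first include */
#define CLONE_NEWNS 0x00020000
int unshare(int flags);
#endif

/* Create a directory from a mkdtemp() template and verify it; 0 on success, -1 otherwise. */
int make_scratch_dir(char *tmpl)
{
    struct stat st;
    if (mkdtemp(tmpl) == NULL)      /* unique name, created with mode 0700 */
        return -1;
    if (chmod(tmpl, 01777) != 0)    /* same mode as a regular /tmp */
        return -1;
    if (lstat(tmpl, &st) != 0 || !S_ISDIR(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & 07777) != 01777)
        return -1;                  /* not the directory we just created */
    return 0;
}

static void die(const char *step)
{
    fprintf(stderr, "fatal: private /tmp setup: %s failed\n", step);
    exit(EXIT_FAILURE);
}

/* Any failure exits before the confined app could be started. */
void setup_private_tmp(void)
{
    char tmpl[] = "/tmp/private-tmp.XXXXXX"; /* hypothetical template name */
    if (make_scratch_dir(tmpl) != 0)
        die("scratch dir creation");
    if (unshare(CLONE_NEWNS) != 0)           /* new mount namespace */
        die("unshare");
    if (mount("none", "/", NULL, MS_REC | MS_PRIVATE, NULL) != 0)
        die("making mounts private");        /* no propagation to the host */
    if (mount(tmpl, "/tmp", NULL, MS_BIND, NULL) != 0)
        die("bind mount over /tmp");
}

int main(void) { setup_private_tmp(); return 0; /* a launcher would exec the app here */ }
```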