One doubt I have: in the case of my Ubuntu computer being in another
language (say French) I recall that the /home/USER/Pictures directory was
localized and actually called /home/USER/Images
Does that impact this discussion?
Florian
On Nov 13, 2014 3:08 PM, "Jamie Strandboge" <ja...@canonical.com> wrote:
> On 11/13/2014 08:25 AM, Marc Deslauriers wrote:
> > On 2014-11-12 11:58 AM, Jamie Strandboge wrote:
> >> Pulling into CC various stakeholders.
> >>
> >> On 11/12/2014 09:47 AM, Florian Boucault wrote:
>
> ...
>
> >>> The camera and the gallery app today are authorized to read/write in
> >>> /home/$USER/Pictures and /home/$USER/Videos.
> >>> Soon they will also need to be able to read/write in the similar
> directories of
> >>> the SD card, for example:
> >>> - /media/phablet/064a-7494/Pictures
> >>> - /media/phablet/064a-7494/Videos
>
> ...
>
> >> We can then do something similar for apps. Eg, the predictable
> hierarchy for
> >> apps might be:
> >> /media/$USER/$SDCARD_ID/.cache/$APP_PKGNAME
> >> /media/$USER/$SDCARD_ID/.config/$APP_PKGNAME
> >> /media/$USER/$SDCARD_ID/.local/share/$APP_PKGNAME
> >>
> >> such that the AppArmor templates add:
> >> owner /media/*/*/.cache/@{APP_PKGNAME}/ rw,
> >> owner /media/*/*/.cache/@{APP_PKGNAME}/** mrwkl,
> >> owner /media/*/*/.config/@{APP_PKGNAME}/ rw,
> >> owner /media/*/*/.config/@{APP_PKGNAME}/** mrwkl,
> >> owner /media/*/*/.local/share/@{APP_PKGNAME}/ rw,
> >> owner /media/*/*/.local/share/@{APP_PKGNAME}/** mrwklix,
> >
> > This is problematic. As you mention later on, sdcards mostly use vfat,
> which
> > means file names are case insensitive. This opens up a lot of issues
> when trying
> > to confine apps to specific directories, and also creates issues with
> data loss
> > if the system isn't designed to cope well.
> >
> > If we want app-specific directories on the sdcard, we will likely have to
> > require the card be formatted with a better filesystem, or we should
> punt on
> > this for now.
> >
>
> Ah yes, I forgot about the case-insensitive names. I also agree this is
> problematic. With the global directories, we should therefore do:
>
> # SD card: /media/<user>/<label>/...
> owner /media/*/*/[Pp][Ii][Cc][Tt][Uu][Rr][Ee][Ss]/ r,
> owner /media/*/*/[Pp][Ii][Cc][Tt][Uu][Rr][Ee][Ss]/** rwk,
>
> That is easy enough.
>
>
> Apps are hard though-- click-apparmor could be adjusted to instead of:
> @{APP_APPNAME}="bar"
> @{APP_PKGNAME}="com.ubuntu.developer.user.foo"
>
> do:
> @{APP_APPNAME}="[Bb][Aa][Rr]"
>
> @{APP_PKGNAME}="[Cc][Oo][Mm].[Uu][Bb][Uu][Nn][Tt][Uu].[Dd][Ee][Vv][Ee][Ll][Oo][Pp][Ee][Rr].[Uu][Ss][Ee][Rr].[Ff][Oo][Oo]"
>
> but yikes, I don't like that; plus I agree with your other points about
> what
> happens when the card is pulled out. App-specific directories needs more
> thought
> and planning.
>
>
> --
> Jamie Strandboge http://www.ubuntu.com/
>
>
--
Mailing list: https://launchpad.net/~ubuntu-phone
Post to : ubuntu-phone@lists.launchpad.net
Unsubscribe : https://launchpad.net/~ubuntu-phone
More help : https://help.launchpad.net/ListHelp
