Re: [Ubuntu-phone] Content Hub Questions

Thu, 19 Feb 2015 15:13:54 -0800 

On 02/19/2015 03:27 PM, Robert Schroll wrote:
> On Thu, Feb 19, 2015 at 3:49 PM, Jamie Strandboge <ja...@canonical.com> wrote:
>> # LP: #1293771
>> # Since fd delegation doesn't exist in the form that we need it at this time,
>> # content-hub will create hard links in ~/.cache/@{APP_PKGNAME}/HubIncoming/
>> # for volatile data. As such, apps should not have write access to anything 
>> in
>> # this directory otherwise they would be able to change the source content.
>> deny @{HOME}/.cache/@{APP_PKGNAME}/HubIncoming/** w,
> 
> Does this explain why the move() method doesn't actually work, and has to fall
> back to a copy?  If so, why try to rename the file when we know that it can't
> possibly work?
> 
With the existing policy, if your app is doing the move()ing, then yes, that
would explain it. You need to do a copy if you want it to persist in your app.

...

> 6) Is there anyway to tell that two imports are actually the same original
> file?   Short of running md5sum on them, I mean.  The filename in HubIncoming
> seems to be the same as the original file.  Is that guaranteed?
> 
> Maybe I'm being unusually dense, but I'm having trouble understanding how this
> is supposed to be used for long-term file management, as opposed to a quick
> send-this-picture-in-an-email usage.
> 
The current implementation doesn't address permanently sharing _writable_ data
between apps. It is not a simple problem to solve well (we want to avoid things
like shared data directories) and it is something that should probably be
discussed again. Permanently sharing _readonly_ (to the shared-with app) data
should not be a particularly difficult problem to solve if it isn't already.

>> Note: an explict deny rule suppresses the denial in the logs
> 
> This hasn't tripped me up yet, but in general, I find apparmor problems hard 
> to
> diagnose.  (Qt says the directory is writable, but I can't make an files in
> there.)  Why suppress the log message and make it even more mysterious?
> 
I forget the rationale for not logging the denial. I can say that we could use
'audit deny' instead of 'deny' to achieve the goals of the comment, so this
could arguably be a bug in the policy.

-- 
Jamie Strandboge                 http://www.ubuntu.com/

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
Mailing list: https://launchpad.net/~ubuntu-phone
Post to     : ubuntu-phone@lists.launchpad.net
Unsubscribe : https://launchpad.net/~ubuntu-phone
More help   : https://help.launchpad.net/ListHelp

Reply via email to