token2/snapd
0
0
Fork 0
mirror of https://github.com/token2/snapd.git synced 2026-03-13 11:15:47 -07:00
Code Issues Packages Projects Releases Wiki Activity
49 Commits 69 Branches 314 Tags
0.2
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Michael Vogt 21fc5359f8 releasing package ubuntu-core-launcher version 0.2
2015-04-19 09:10:35 +02:00
debian
releasing package ubuntu-core-launcher version 0.2
2015-04-19 09:10:35 +02:00
src
fix privs dropping check
2015-04-19 08:58:02 +02:00
tests
drop trailing spaces
2015-04-18 16:19:25 +01:00
Makefile
cleanup, add tests
2015-03-24 09:37:45 +01:00
README
cleanup, add tests
2015-03-24 09:37:45 +01:00

README 

= Overview =

The ubuntu-core-launcher launches snappy applications to restrict
access. It uses apparmor and seccomp to do this.

Run with:
$ ubuntu-core-launcher /path/to/rootdir security-profile /path/to/binary additional args

== Apparmor ==

The apparmor part is similar to aa-exec -p, i.e. it will load the
given apparmor profile for the application.


== Seccomp ==

The seccomp filter profile in expected to be located in
/var/lib/snappy/seccomp/profiles

The filter file contains lines with syscall names, comments that start
with "#" or special directives that start with a "@".

The supported special directives are:
@unrestricted

The unrestricted profile looks like this:
"""
# Unrestricted profile
@unrestricted
"""

A very strict profile might look like this:
"""
# Super strict profile
read
write
"""
Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 165 MiB
Languages
Go 93.9%
C 2.9%
Shell 2%
Python 0.7%
Makefile 0.4%