Here are the changes needed to make the apparmor profile work (requires the two inline changes that I mentioned):
=== modified file 'debian/usr.bin.ubuntu-core-launcher'
--- debian/usr.bin.ubuntu-core-launcher 2015-05-08 16:50:56 +0000
+++ debian/usr.bin.ubuntu-core-launcher 2015-05-20 20:12:09 +0000
@@ -50,7 +50,10 @@
 # read apparmor to figure out if we need cgroups
 /var/lib/apparmor/clicks/* r,
- # make /tmp/ private, and bind-mount a private /tmp
+ # set up snap-specific private /tmp dir
+ capability chown,
+ /tmp/ w,
+ /tmp/snap.*/ w,
 mount options=(rw private) -> /tmp/,
- mount options=(rw bind) /tmp/snaps.[0-9]*/**/tmp/ -> /tmp/,
+ mount options=(rw bind) /tmp/snap.*/ -> /tmp/,
 }
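Review bot: The `/tmp/snap.*/` glob used in the new write rule and as the bind-mount source matches any directory directly under the world-writable /tmp whose name starts with `snap.`, so the profile on its own does not confine the launcher to a directory it created itself. The launcher code is not visible in this hunk, so the safety of `capability chown` and the bind mount presumably rests on the launcher creating the directory with an unpredictable name and restrictive mode, and on it not following symlinks when changing ownership. I would state that assumption next to the rules, e.g. `# launcher must create this dir itself (mkdtemp-style, 0700) before chown and bind mount`, and narrow the glob to the exact name shape the launcher generates if it has one, as the old `snaps.[0-9]*` rule did. The profile block starts outside the hunk, so other rules that already constrain /tmp cannot be ruled out from here.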
Here are the changes needed to make the apparmor profile work (requires the two inline changes that I mentioned):
=== modified file 'debian/ usr.bin. ubuntu- core-launcher' usr.bin. ubuntu- core-launcher 2015-05-08 16:50:56 +0000 usr.bin. ubuntu- core-launcher 2015-05-20 20:12:09 +0000 lib/apparmor/ clicks/ * r,
--- debian/
+++ debian/
@@ -50,7 +50,10 @@
# read apparmor to figure out if we need cgroups
/var/
- # make /tmp/ private, and bind-mount a private /tmp [0-9]*/ **/tmp/ -> /tmp/,
+ # set up snap-specific private /tmp dir
+ capability chown,
+ /tmp/ w,
+ /tmp/snap.*/ w,
mount options=(rw private) -> /tmp/,
- mount options=(rw bind) /tmp/snaps.
+ mount options=(rw bind) /tmp/snap.*/ -> /tmp/,
}