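I built two applications (say snap1 and snap2) with snapcraft, using devmode confinement.
snap1 is a simple daemon application that launches snap2 (not a daemon), and both work fine.
I am developing for a Dell Edge Gateway device running Ubuntu core-16.
Now, for security reasons, I have to change the confinement of both snaps to strict and rebuild them. But after this change:
- snap1 cannot launch snap2.
- snap2 cannot open the port or read data from serial-port-ioioix
However, with the following changes, I am able to access the network from the applications.
I made the following changes to the respective yaml files of snap1 and snap2: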
1. snap1.yaml

```yaml
name: snap1
version: '0.8'
summary: This is a snap1
description: |
  Some description.
grade: stable #devel # must be 'stable' to release into candidate/stable channels
confinement: strict #devmode # use 'strict' once you have the right plugs and slots
apps:
  snap1:
    command: bin/snap1
    plugs:
      - network
      - network-bind
      - home
      - removable-media
      - shutdown
      - snapd-control
      - daemon-notify
      - system-trace
      - timezone-control
    daemon: simple
parts:
  snap1-app:
    plugin: cmake
    configflags:
      - -DAPPVERSION=0.8
    source: .
```
2. snap1.yaml

```yaml
name: snap2
version: '1.0.7'
summary: This is a snap2
description: |
  Some description.
grade: stable #devel # must be 'stable' to release into candidate/stable channels
confinement: strict #devmode # use 'strict' once you have the right plugs and slots
apps:
  snap2:
    command: bin/snap2
    plugs:
      - network
      - network-bind
      - home
      - removable-media
      - serial-port
      - raw-usb
      - io-ports-control
      - gpio
parts:
  snap2-app:
    plugin: cmake
    configflags:
      - -DBUILDFROMSNAP=TRUE
      - -DAPPVERSION=1.0.7
    source: .
```
Please let me know if any other changes are needed.
Thanks in advance... :) :+1: