On 15 June 2016 at 22:07, Paul W. Frields <stickster@xxxxxxxxx> wrote:
On Wed, Jun 15, 2016 at 09:08:35AM -0700, Adam Williamson wrote:
> On Wed, 2016-06-15 at 17:08 +0200, Alexander Larsson wrote:
> > On Tue, 2016-06-14 at 19:26 +0100, James Hogarth wrote:
> > > So I was rather surprised by this Softpaedia article today:
> > > http://news.softpedia.com/news/snap-packages-become-the-universal-bin
> > > ary-format-for-all-gnu-linux-distributions-505241.shtml
> > > It claims that Canonical state that they have been working with
> > > Fedora developers to make this the universal packaging format.
> > > The snapcraft.io site instructions say to use a COPR by a Canonical
> > > employee who is not a Fedora packager.
> > > Does anyone in marketing or development now what the article is
> > > referring to and what's going on?
> >
> > Snappy fundamentally relies on apparmour to do confinement (i.e. it
> > doesn't use filesystem namespaces like flatpak), how does this work on
> > fedora? You can't use selinux and apparmour at the same time, so this
> > shouldn't be able to work, unless they disable the containment feature.
>
> Right now, apparently, their install instructions tell you to disable
> SELinux.
Permissive mode is what they require:
https://copr.fedorainfracloud.org/coprs/zyga/snapcore/
In terms of security of the system that's effectively the same as disabling.
There's no need to differentiate in this context.
-- Fedora Marketing mailing list marketing@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/marketing@xxxxxxxxxxxxxxxxxxxxxxx