On Wed, Jun 15, 2016 at 05:08:07PM +0200, Alexander Larsson wrote:
> Snappy fundamentally relies on AppArmor to do confinement (i.e. it
> doesn't use filesystem namespaces like flatpak), how does this work on
> Fedora? You can't use SELinux and AppArmor at the same time, so this
> shouldn't be able to work, unless they disable the containment feature.

As I understand it, that's exactly what they do — there's a new
"--disable-confinement" flag which is used¹. Additionally the COPR
instructions² ask users to switch SELinux to permissive mode for F24
(but note that "this restriction will be lifted later").

1. http://copr-dist-git.fedorainfracloud.org/cgit/zyga/snapcore/snap-confine...
2. https://copr.fedorainfracloud.org/coprs/zyga/snapcore/

--
Matthew Miller
<mattdm(a)fedoraproject.org>
Fedora Project Leader