On Wed, 2016-06-15 at 16:32 +0100, James Hogarth wrote:
> Snappy fundamentally relies on apparmour to do confinement (i.e. it
> doesn't use filesystem namespaces like flatpak), how does this work
on
> fedora? You can't use selinux and apparmour at the same time, so
this
> shouldn't be able to work, unless they disable the containment
feature.
>
That's precisely what they are doing on non-Ubuntu distributions,
disabling confinement.
Thats is pretty crappy. That means things will keep accidentally being
packaged that depends on things not in the ubuntu core. It also means
that there is zero sandboxing.