move interface-specific OS mounts to interface.SecurityMounts

Bug #1609499 reported by Jamie Strandboge
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Snappy
Won't Fix
Medium
Jamie Strandboge
snap-confine
Won't Fix
Medium
Jamie Strandboge

Bug Description

From: https://bugs.launchpad.net/snappy/+bug/1597842/comments/1

"Since I've been looking at interfaces in support of bcc, I looked into this and agree this should be handled in the interfaces for a proper solution. One way to do this would be to allow the .fstab parsing to allow OS/classic mounts somehow instead of just snap mounts, then interfaces could declare what OS/classic mounts to add instead of hard-coding them in snap-confine.

More concretely, rather than unconditionally bind mounting /var/log in snap-confine, the log-observe interface would add an entry to .fstab on interface connect. In this manner, only the snaps that are connected to log-observe get the additional bind mount, which is a cleaner runtime and easier to maintain. The same could be done with /usr/src."

Changed in snap-confine:
status: New → Triaged
importance: Undecided → Medium
assignee: nobody → Jamie Strandboge (jdstrand)
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

I'm closing this since there are a bunch of upcoming changes to the mount code. Perhaps we can revisit it in the future.

Changed in snappy:
status: Triaged → Won't Fix
Changed in snap-confine:
status: Triaged → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.