skills and migration-skill in particular needs more documentation
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Snappy | Won't Fix | Critical | Unassigned | |
Bug Description
With the recent changes to snap.yaml, the security directives (caps, security-template, security-override and security-policy) have moved under the migration-skill. docs/meta.md was updated for this, but it lacks examples and is altogether too terse. This may be intentional since AIUI the skills work is still in flux but IMO the migration-skill in particular needs to be adequately documented for people moving from 15.04 to 16.04.
As an example, if 15.04 package.yaml has:
services:
  - name: foo
    caps:
      - network-client
    ...
  - name: bar
    caps:
      - network-client
      - snapd
    ...
  - name: baz
    security-
    ...
  - name: norf
    security-policy:
      apparmor: meta/norf.aa
      seccomp: meta/norf.sc
  - name: quux
    security-
      apparmor: meta/quux-
      seccomp: meta/quuz-
then your 16.04 yaml should have something like (very casual naming for the mapping to illustrate these map names can be anything):
apps:
  foo:
    ...
    uses:
      - my-networking-stuff
  bar:
    ...
    uses:
      - my-networking-stuff
      - my-snapd-stuff
  baz:
    ...
    uses:
      - my-unconfined
  norf:
    ...
    uses:
      - my-custom
  quux:
    ...
    uses:
      - my-caps-
uses:
  my-networking
    type: migration-skill
    caps:
      - network-client
  my-snapd-stuff:
    type: migration-skill
    caps:
      - snap-management
  my-unconfined:
    type: migration-skill
    security-
  my-custom:
    type: migration-skill
    security-
      apparmor: custom.aa
      seccomp: custom.sc
  my-caps-
    type: migration-skill
    caps:
      - network-client
    security-
      read-paths:
        - /etc/motd
      write-paths:
        - /run/quux.pid
      syscalls:
        - yyy
        - zzz
AIUI, the security yaml was moved under a migration skill so that snap.yaml could land without the now obsoleted security yaml and that the non-migration security skills will land once other skills details are worked out. Also note that the available 'caps' on 16.04 are different from those on 15.04 since they are migrating to skills. You can see the current list with 'sudo snappy install snappy-debug && snappy-
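Added example, not part of the original bug report or the snappy project's code: a Python function that applies the mapping described above to an already-parsed 15.04 services list. The `migrate` function, the generated skill names and the sample input are assumptions made for illustration; only the four directive names, the `migration-skill` type and the snapd to snap-management rename come from the report.

```python
SECURITY_KEYS = ("caps", "security-template", "security-override", "security-policy")
CAP_RENAMES = {"snapd": "snap-management"}  # the only rename visible in the report


def migrate(services):
    """Map 15.04 service entries to 16.04-style (apps, uses, needs_review)."""
    apps, uses, needs_review = {}, {}, []
    for svc in services:
        name = svc["name"]
        # Non-security keys (the "..." in the report) are copied untouched.
        app = {k: v for k, v in svc.items() if k != "name" and k not in SECURITY_KEYS}
        stanza = {k: svc[k] for k in SECURITY_KEYS if k in svc}
        if "caps" in stanza:
            stanza["caps"] = [CAP_RENAMES.get(c, c) for c in stanza["caps"]]
        if list(stanza) == ["caps"]:
            # Caps only: one shared skill per cap, as with foo and bar in the report.
            names = [f"{cap}-skill" for cap in stanza["caps"]]
            for skill, cap in zip(names, stanza["caps"]):
                uses[skill] = {"type": "migration-skill", "caps": [cap]}
        elif stanza:
            # Template/override/policy stay together in one skill; their bodies
            # are copied verbatim, so flag the service for a manual check.
            names = [f"{name}-security"]  # hypothetical naming scheme
            uses[names[0]] = {"type": "migration-skill", **stanza}
            needs_review.append(name)
        else:
            names = []  # no security directives: nothing to migrate
        if names:
            app["uses"] = names
        apps[name] = app
    return apps, uses, needs_review


# Constructed sample input (already-parsed YAML), modelled on the report's example.
SERVICES_1504 = [
    {"name": "foo", "caps": ["network-client"]},
    {"name": "bar", "caps": ["network-client", "snapd"]},
    {"name": "norf",
     "security-policy": {"apparmor": "meta/norf.aa", "seccomp": "meta/norf.sc"}},
]

if __name__ == "__main__":
    import json
    apps, uses, review = migrate(SERVICES_1504)
    print(json.dumps({"apps": apps, "uses": uses}, indent=2))
    print("check by hand:", review)
```
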
Changed in snappy:
importance: Undecided → Critical
description: updated
tags: added: snap-docs
There is no "migration-skill" (or "old-security") anymore. We do have documentation for the interfaces system in docs/interfaces.md. Is there anything missing here or can we close this bug?