Ubuntu
unity-scopes-api package

  1. Bug #1327426
  2. Comment #0

Comment 0 for bug 1327426

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Click apps started with ubuntu-app-launch (or via aa-exec-click via legacy desktop files) have a number of environment variables set. Eg, for a test app of mine with APP_ID of 'com.ubuntu.developer.jdstrand.click-env_click-env_0.1':
APP_ID=com.ubuntu.developer.jdstrand.click-env_click-env_0.1
__GL_SHADER_DISK_CACHE_PATH=/home/phablet/.cache/com.ubuntu.developer.jdstrand.click-env
LD_LIBRARY_PATH=/opt/click.ubuntu.com/.click/users/phablet/com.ubuntu.developer.jdstrand.click-env/lib/arm-linux-gnueabihf:/opt/click.ubuntu.com/.click/users/phablet/com.ubuntu.developer.jdstrand.click-env/lib
PATH=/opt/click.ubuntu.com/.click/users/phablet/com.ubuntu.developer.jdstrand.click-env/lib/arm-linux-gnueabihf/bin:/opt/click.ubuntu.com/.click/users/phablet/com.ubuntu.developer.jdstrand.click-env:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
QML2_IMPORT_PATH=/opt/click.ubuntu.com/.click/users/phablet/com.ubuntu.developer.jdstrand.click-env/lib/arm-linux-gnueabihf
TMPDIR=/run/user/32011/confined/com.ubuntu.developer.jdstrand.click-env
UBUNTU_APPLICATION_ISOLATION=1
XDG_CACHE_HOME=/home/phablet/.cache
XDG_CONFIG_HOME=/home/phablet/.config
XDG_DATA_DIRS=/opt/click.ubuntu.com/.click/users/phablet/com.ubuntu.developer.jdstrand.click-env:/usr/share
XDG_DATA_HOME=/home/phablet/.local/share
XDG_RUNTIME_DIR=/run/user/32011

For scopes, we should probably do the same thing. I suggest the following:
  APP_ID=<apparmor profile name>
  LD_LIBRARY_PATH=<click install directory>/lib/$multiarch:<click install directory>/lib
  PATH=<click install directory>/lib/$multiarch/bin:<click install directory>:$PATH
  UBUNTU_APPLICATION_ISOLATION=1
  XDG_DATA_DIRS=<click install directory>:/usr/share
  XDG_DATA_HOME=$HOME/.local/share
  XDG_RUNTIME_DIR=/run/user/$UID

APP_ID may not strictly be needed since these are scopes and not subject to application lifecycle, etc, but if it is provided developers will have a consistent environment when developing apps and scopes and it might make it easier for them to programmatically determine the location of certain directories, specifically their scope-specific writable area. Eg:

  my_pkgname = $APP_ID.split('_')[0]
  my_writable_dir = $XDG_DATA_HOME/unity-scopes/leaf-net/$my_pkgname

You might also provide an API to determine that. TMPDIR is not listed above, but probably should be since apparmor policy does not allow access to /tmp. If you want to provide that, I suggest:
  TMPDIR=/run/user/$UID/confined-scopes/leaf-net/<'name' from click manifest>

Note, 'leaf-net' is used for the same reason here as it is in {HOME}/.local/share/unity-scopes/leaf-net/@{APP_PKGNAME}/ in the policy: to prevent other scope types from having overlapped writable directories which could lead to information disclosure (see bug 1326105 for a description of the attack). 'leaf-net' should be used with scopes that use the ubuntu-scope-network apparmor template and 'leafs-fs' for scopes that use the (currently unavailable) ubuntu-scope-local-content apparmor template.