Launcher

DRAFT (abandoned - using Upstart instead)

Introduction

This will occur in two steps:

  1. prototype
  2. integration with Unity

The app launcher is responsible for launching an application within confinement and should meet the requirements for ApplicationConfinement.

The prototype could be implemented as a library such that the prototype executable uses this library to launch the application. This library could then plug into Unity (eg, Unity calls confine_app()).

Pseudocode for prototype

set_environment()
  env = gather_vars_to_keep()   # allowlist of variables the app may inherit
  env['UBUNTU_SANDBOX'] = "1"
  return env

usage_handler_cb()
  report_usage() # dump gather_usage() data in a machine-readable format consumable
                 # by Unity power management, etc

register_app_with_power_monitor()
  # Dependent on implementation, but this allows the power monitor to
  # gather info on us as needed
  setup_signal_handler(USR1, usage_handler_cb)  # pass the callback, do not call it
  unity_pm_register(getpid(), 'USR1') # Unity library call which says that when
                                      # sending this pid 'USR1', it will dump usage
                                      # data via usage_handler_cb()

confine_app()
  fork
    if child
      envp = set_environment()
      other_housekeeping()
      execve(abspath, args..., envp)

    if parent
      register_app_with_power_monitor()
      while(True)
        gather_usage()
        monitor_usage() # could examine output of gather_usage() and make decisions
                        # on whether app is being abusive. This could also be handled
                        # by Unity itself via its power management scheme

main()
  confine_app()
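
An added Python sketch of the pseudocode above (example code, not part of the original page or of Unity): the environment is built from an allowlist instead of inheriting the launcher's whole environment, the child is fork/execve'd, the parent answers SIGUSR1 with a JSON usage dump and applies a simple monitoring policy. KEEP_VARS, parse_stat, is_abusive and the rss budget are this example's own assumptions; the field layout is that of Linux /proc/<pid>/stat.

```python
import json
import os
import signal
import time

# Allowlist of variables the confined app may inherit (constructed for this
# example; the real list belongs to the ApplicationConfinement requirements).
KEEP_VARS = ("PATH", "HOME", "LANG", "DISPLAY", "XDG_RUNTIME_DIR")

def set_environment(source_env):
    """Build the child's environment from an allowlist rather than passing the
    launcher's whole environment through, and mark it as sandboxed."""
    env = {k: v for k, v in source_env.items() if k in KEEP_VARS}
    env["UBUNTU_SANDBOX"] = "1"
    return env

def parse_stat(stat_text):
    """Extract utime/stime (clock ticks) and rss (pages) from a Linux
    /proc/<pid>/stat line; comm may contain spaces, so split after ')'."""
    f = stat_text.rsplit(")", 1)[1].split()
    return {"utime": int(f[11]), "stime": int(f[12]), "rss": int(f[21])}

def gather_usage(pid):
    """Snapshot the child's usage, or None once it has exited."""
    try:
        with open(f"/proc/{pid}/stat") as fh:
            return {"pid": pid, **parse_stat(fh.read())}
    except OSError:
        return None

def is_abusive(usage, max_rss_pages):
    """Monitoring policy (example only): flag a resident set over budget."""
    return usage is not None and usage["rss"] > max_rss_pages

def confine_app(abspath, args, max_rss_pages=262144, interval=1.0):
    """Fork, exec the app with the filtered environment, then monitor it."""
    pid = os.fork()
    if pid == 0:  # child: replace ourselves with the confined app
        os.execve(abspath, [abspath] + list(args), set_environment(os.environ))
    # parent: on SIGUSR1 dump the latest usage as JSON for the power monitor
    signal.signal(signal.SIGUSR1,
                  lambda *_: print(json.dumps(gather_usage(pid)), flush=True))
    while True:
        wpid, status = os.waitpid(pid, os.WNOHANG)
        if wpid == pid:
            return os.waitstatus_to_exitcode(status)
        if is_abusive(gather_usage(pid), max_rss_pages):
            os.kill(pid, signal.SIGTERM)  # policy decision: stop an abusive app
        time.sleep(interval)
```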

BoF

  • IMPORTANT (2013-04-05): This is effectively a brain dump of some ideas jdstrand had and should only be used as a starting point for discussion -- it is not the plan of action! :)

SecurityTeam/Specifications/ApplicationConfinement/Launcher (last edited 2013-05-08 20:55:28 by jdstrand)