Launcher
DRAFT (abandoned - using Upstart instead)
Launchpad Entry: UbuntuSpec:...
Created: 2013-04-05
Created: Jamie Strandboge
Contributors: Jamie Strandboge, Marc Deslauriers, John Johansen, Steve Beattie, Tyler Hicks, Thomas Voss
Packages affected: Unity
Status: Drafting
Introduction
This will occur in two steps:
- prototype
- integration with Unity
The app launcher is responsible for launching an application within confinement and should meet the requirements for ApplicationConfinement.
The prototype could be implemented as a library such that the prototype executable uses this library to launch the application. This library could then plug into Unity (e.g., Unity calls confine_app()).
Pseudocode for prototype
setup_environment()
    env = None
    env = gather_vars_to_keep()
    env['UBUNTU_SANDBOX'] = "1"
    return env

usage_handler_cb()
    report_usage()    # dump gather_usage() data in machine readable format consumable
                      # by Unity power management, etc

register_app_with_power_monitor()
    # Dependent on implementation, but this allows the power monitor to
    # gather info on us as needed
    setup_signal_handler(USR1, usage_handler_cb)
    unity_pm_register(getpid(), 'USR1')   # Unity library call which says that when
                                          # sending this pid 'USR1', it will dump usage
                                          # data via usage_handler_cb()

confine_app()
    fork
    if child
        envp = setup_environment()
        other_housekeeping()
        execve(abspath, args..., envp)
    if parent
        register_app_with_power_monitor()
        while(True)
            gather_usage()
            monitor_usage()   # could examine output of gather_usage() and make decisions
                              # on whether app is being abusive. This could also be handled
                              # by Unity itself via its power management scheme

main()
    confine_app()
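The following is an added worked example of the fork/exec/monitor sketch above; it is not code from the spec or from Unity. It assumes a constructed allow-list of environment variables standing in for gather_vars_to_keep(), reads the child's resident-set size from /proc (returning None where /proc is absent), and replaces unity_pm_register() with a plain SIGUSR1 handler that dumps the usage report to stderr, since the Unity side of that registration is not defined on the page.

```python
"""Prototype confined-app launcher following the fork/exec/monitor sketch above."""
import json
import os
import signal
import sys
import time

# Allow-list of parent variables passed to the child (constructed for this
# example; the real gather_vars_to_keep() policy is not defined on the page).
VARS_TO_KEEP = ("PATH", "HOME", "LANG", "DISPLAY", "XDG_RUNTIME_DIR")


def setup_environment(parent_env=None, keep=VARS_TO_KEEP):
    """Build the child's environment: only allow-listed variables survive and
    UBUNTU_SANDBOX=1 marks the process as launched under confinement."""
    source = os.environ if parent_env is None else parent_env
    env = {name: source[name] for name in keep if name in source}
    env["UBUNTU_SANDBOX"] = "1"
    return env


class UsageMonitor:
    """Parent-side bookkeeping: samples the child's resource usage and dumps it
    on demand, playing the role of gather_usage()/usage_handler_cb()."""

    def __init__(self, pid):
        self.pid = pid
        self.samples = []   # RSS samples in KiB (None where /proc is unavailable)
        self.rusage = None  # filled in from wait4() once the child exits

    def gather_usage(self):
        """Current resident-set size of the child in KiB, read from /proc."""
        try:
            with open(f"/proc/{self.pid}/status") as fh:
                for line in fh:
                    if line.startswith("VmRSS:"):
                        return int(line.split()[1])
        except OSError:
            pass
        return None

    def peak_rss_kib(self):
        real = [s for s in self.samples if s is not None]
        return max(real) if real else None

    def monitor_usage(self, rss_limit_kib):
        """True when any sample exceeded the limit; what to do about it is the
        caller's policy (Unity power management in the spec)."""
        peak = self.peak_rss_kib()
        return peak is not None and peak > rss_limit_kib

    def report_usage(self):
        """Machine-readable summary (JSON) for Unity power management."""
        report = {"pid": self.pid, "samples": len(self.samples),
                  "peak_rss_kib": self.peak_rss_kib()}
        if self.rusage is not None:
            report["cpu_seconds"] = self.rusage.ru_utime + self.rusage.ru_stime
        return json.dumps(report, sort_keys=True)

    def register_with_power_monitor(self):
        """Stand-in for unity_pm_register(): install the SIGUSR1 handler that
        dumps a report to stderr (the Unity side is an assumption here)."""
        signal.signal(signal.SIGUSR1,
                      lambda signum, frame: sys.stderr.write(self.report_usage() + "\n"))


def confine_app(abspath, args, interval=0.02):
    """fork; the child execs abspath under the sandbox environment, the parent
    samples usage until the child exits. Returns (exit code, UsageMonitor)."""
    pid = os.fork()
    if pid == 0:                      # child
        envp = setup_environment()
        try:
            os.execve(abspath, [abspath, *args], envp)
        except OSError:
            os._exit(127)             # exec failed: never fall back into parent code
    monitor = UsageMonitor(pid)       # parent
    monitor.register_with_power_monitor()
    while True:
        wpid, status, rusage = os.wait4(pid, os.WNOHANG)
        if wpid == pid:
            monitor.rusage = rusage
            break
        monitor.samples.append(monitor.gather_usage())
        time.sleep(interval)
    code = os.WEXITSTATUS(status) if os.WIFEXITED(status) else -os.WTERMSIG(status)
    return code, monitor


if __name__ == "__main__":
    # usage: python launcher.py /abs/path/to/app [args...]
    exit_code, mon = confine_app(sys.argv[1], sys.argv[2:])
    print(mon.report_usage())
    sys.exit(exit_code)
```

The environment is rebuilt from an allow-list rather than copied and pruned, so anything not explicitly kept (tokens, proxy settings, LD_PRELOAD and the like) never reaches the confined child; the exit code is taken from wait4() so the launcher can also observe signal deaths, which is where an abuse decision by monitor_usage() would feed back into the parent loop.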
BoF
IMPORTANT (2013-04-05): This is effectively a brain dump of some ideas jdstrand had and should only be used as a starting point for discussion; it is not the plan of action!
SecurityTeam/Specifications/ApplicationConfinement/Launcher (last edited 2013-05-08 20:55:28 by jdstrand)