diff options
| author | Michael Vogt <mvo@debian.org> | 2016-02-02 20:42:54 +0100 |
|---|---|---|
| committer | Michael Vogt <mvo@debian.org> | 2016-02-02 20:42:54 +0100 |
| commit | 412f53d702311ef8ca1f523ce16aa85ef7c96194 (patch) | |
| tree | 03bf067c7908cc27bab26be79fc184acb169ebcf | |
| parent | 77d1a6a08012e6597631f7878f6153a3aa22cd58 (diff) | |
add comment from Gustavo to ensure the TODO is clearbugfix/add-migration-skill
| -rw-r--r-- | snappy/security.go | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/snappy/security.go b/snappy/security.go index 139862614c..d472b63608 100644 --- a/snappy/security.go +++ b/snappy/security.go @@ -71,8 +71,13 @@ var ( SecurityCaps: []string{}, } - // The default SecurityDefinition if no skill is specified - // Note that this has no network access + // TODO This is not actually right. Even if there are skills, + // we still want to give the snap a default set of allowances, + // such as being able to read and write in its own directories + // and perhaps network access (we're still deciding on that + // one). So the real logic we want here is: give the snap a + // default set of permissions, and then whatever else the + // skills permit (migration or not). This is coming soon. defaultSecurityPolicy = &SecurityDefinitions{ SecurityCaps: []string{}, } |