| === chihchun_afk is now known as chihchun | ||
| === chihchun is now known as chihchun_afk | ||
| === chihchun_afk is now known as chihchun | ||
| dholbach | good morning | 07:08 |
|---|---|---|
| === chihchun is now known as chihchun_afk | ||
| fgimenez | good morning | 08:10 |
| === chihchun_afk is now known as chihchun | ||
| === beowulf is now known as Guest23806 | ||
| liuxg | dholbach, sorry, my network is not stable. did you see my question? | 09:00 |
| dholbach | liuxg: no, I didn't | 09:00 |
| liuxg | dholbach, do you if there is anyway to create a ramdisk in snappy? for the webcam example, I want to capture the image into memory instead of beng into the disk, which is a slow operation. | 09:00 |
| dholbach | I have no idea | 09:00 |
| dholbach | maybe lool or asac or somebody else knows? | 09:01 |
| liuxg | dholbach, the above was my question. alright! thanks! | 09:01 |
| liuxg | dholbach, lool asac I have tried to create a ramdisk in the code, but "mount" seems not successful. | 09:02 |
| dholbach | I'm sorry -I have no idea | 09:02 |
| liuxg | dholbach, I have posted it to the mailinglist, hopefully, there is a reply for it :) | 09:03 |
| dholbach | ok cool | 09:03 |
| asac | liuxg: in the webcam code? you need special permissions for that i assume due to sandboxing. check syslog for errors related | 09:25 |
| Guest23806 | sergiusens: /Volumes/ | 09:31 |
| === Guest23806 is now known as beowulf | ||
| === chihchun is now known as chihchun_afk | ||
| === plars-off_ is now known as plars-off | ||
| === john-mca` is now known as john-mcaleely | ||
| * Chipaca quietly puts the kettle on | 11:15 | |
| kyrofa | Good morning everyone | 12:29 |
| === verterok` is now known as verterok | ||
| * davmor2 changes Chipaca nick to polly (https://en.wikipedia.org/wiki/Polly_Put_the_Kettle_On) | 12:50 | |
| liuxg | lool, ping | 13:08 |
| liuxg | kyrofa, ping | 13:08 |
| kyrofa | liuxg, pong | 13:08 |
| liuxg | kyrofa, I just saw that you got the fix for the broken symlink. does it mean that I can pull the latest source to get it working? | 13:09 |
| kyrofa | liuxg, if you clone the github repo and use the 1.x branch, yes, that will work like you're used to AND have the bugfix. It'll be officially released soon as well | 13:10 |
| liuxg | kyrofa, ok. then I wait for the fix. by the way, I recently tried the license example, and I found it not working. https://bugs.launchpad.net/snapcraft/+bug/1527453 | 13:11 |
| ubottu | Launchpad bug 1527453 in Snapcraft "license text is not prompted during the snappy installation" [Undecided,New] | 13:11 |
| kyrofa | liuxg, don't quote me on this, but I think that's not implemented yet | 13:11 |
| kyrofa | liuxg, but I'll look into it a bit further once I finish backporting a few more things for 1.x | 13:12 |
| liuxg | kyrofa, OK. thanks! I just tried it since it was documented there. By the way, do you if there is any way to mount a ramdisk in snappy system? I find that I/O operation is slow, and I want to use a ramdisk for my webcam picture capturing. | 13:13 |
| kyrofa | liuxg, not sure about that one | 13:16 |
| liuxg | kyrofa, it is OK. thanks for helping | 13:17 |
| kyrofa | liuxg, can you explain the use-case a little more though? | 13:18 |
| liuxg | kyrofa, in the current example https://github.com/ubuntu-core/snapcraft/tree/master/examples/webcam-webui, it saves the picture into disk every 10 second. currently, I implement a client to access the picture to display it on my ubuntu phone. I want to have higher frequency. The I/O to disk is slow compared to the ramdisk. | 13:19 |
| liuxg | kyrofa, a file in the memory is better in this sense. the sample uses fswebcam to capture the picture. | 13:20 |
| kyrofa | liuxg, ah, okay. Agreed that with the way this works putting the picture in memory would be faster, but there are better ways to accomplish what you're wanting without requiring it | 13:21 |
| liuxg | kyrofa, really? I am all your ears :) what is the better solution? | 13:22 |
| kyrofa | liuxg, first of all, I'm assuming that since the webcam demo saves to a directory it does not display video. You need to refresh to see a new picture? | 13:23 |
| kyrofa | (I've not run it myself) | 13:23 |
| liuxg | kyrofa, in its way, it just captures the picture every 10 seconds. In my own implementation, I can initiation a http request to get a picture, and I can control the frequency to get the picture. it | 13:24 |
| kyrofa | liuxg, gotcha, so YOU want video | 13:24 |
| sturmflut | Why not directly take the webcam picture inside the HTTP request, and never store it | 13:25 |
| liuxg | kyrofa, yeah, some kind of the that effect, like home security though frame rates not so high. | 13:25 |
| kyrofa | sturmflut, quit stealing my thunder! | 13:25 |
| kyrofa | liuxg, no streaming video ever caches each frame anywhere, not even in a ramdisk | 13:25 |
| liuxg | sturmflut, the things fswebcam app captures picture into a file. that is what i know. if it captures into memory, that is definitely better. | 13:26 |
| kyrofa | liuxg, you should probably be accessing the camera directly | 13:26 |
| sturmflut | liuxg: The manpage for fswebcam says 'The PNG or JPEG image can be sent to stdio using the filename "-"' | 13:26 |
| liuxg | kyrofa, yes, you are right. video streaming is another option. vlc could be one for the purpose. I have not tried it yet. | 13:26 |
| kyrofa | liuxg, grab a frame from it, and fire the frame off via some UDP-based protocol, e.g. rtp | 13:27 |
| sturmflut | So have your HTTP server call it like that and pipe the output | 13:27 |
| liuxg | kyrofa, hmm, I have not tried it yet, and I do not know how it goes. | 13:28 |
| kyrofa | liuxg, if you really want to use fswebcam, sturmflut's suggestion would work as well | 13:28 |
| kyrofa | liuxg, but using a ramdisk with your use-case is layering hacks upon hacks | 13:29 |
| liuxg | kyrofa, it seems that "mount" is not supported due to security. http://paste.ubuntu.com/14127715/ | 13:30 |
| kyrofa | liuxg, indeed, that doesn't surprise me | 13:31 |
| liuxg | sturmflut, thanks for your tip. in that case, how can the command look like? | 13:31 |
| kyrofa | liuxg, you can exec fswebcam from your app and setup the pipes in code if you want it all in the project rather than a script | 13:32 |
| liuxg | kyrofa, yeah, I can do it in golang to exec fswebcam | 13:34 |
| kyrofa | liuxg, that would probably be the slickest way | 13:34 |
| kyrofa | liuxg, but you can also write your server to read from stdin and pipe them together using the shell as normal | 13:35 |
| kyrofa | liuxg, `command1 | command2` | 13:35 |
| liuxg | kyrofa, sounds interesting though I have never tried it. | 13:37 |
| lool | liuxg: pong | 13:38 |
| liuxg | lool, thanks. yeah, just now, discussed with kyrofa about whether it is possible to make a ramdisk in a snap app. | 13:39 |
| lool | it is possible, but if you need the mount() syscall, you'll need an unconfined snap or a custom apparmor policy | 13:40 |
| lool | you can create ramdisks without the mount syscall though | 13:40 |
| lool | (or if you need chroot()) | 13:40 |
| liuxg | lool, how can I do that? currently, in my script, I do it like http://paste.ubuntu.com/14127715/, it gives me the error. | 13:41 |
| liuxg | lool, how to create a custom policy for an app? it would be good to have an example for it. thanks | 13:42 |
| lool | liuxg: there are examples, but I'm trying to find a recent one given the syntax has changed a bit in the last months | 13:42 |
| liuxg | lool, this example seems to have the one, but it is not based on the snapcraft http://bazaar.launchpad.net/~snappy-dev/snappy-hub/snappy-examples/files/head:/framework-template/. By the way, if an app uses custom apparmor policy, can the app be uploaded to store? | 13:45 |
| lool | liuxg: right exactly | 13:46 |
| lool | liuxg: typically an app with a custom policy is going to trigger manual review, so we'll need some way to audit that it's legit to use these permissions | 13:46 |
| liuxg | lool, I do not know how the syntax looks like in the snapcraft syntax. | 13:46 |
| lool | liuxg: in snapcraft, you basically have the package.yaml in the main snapcraft.yaml file | 13:47 |
| lool | liuxg: basically snapcraft.yaml contains the template copied into meta/package.yaml before snappy build | 13:47 |
| liuxg | lool, so, the syntax for them are the same? | 13:47 |
| lool | liuxg: well most of the package.yaml is expressed in a subset of the snapcraft.yaml -- snapcraft.yaml also lists e.g. parts | 13:48 |
| liuxg | lool, for my case, I need to customize a file like http://bazaar.launchpad.net/~snappy-dev/snappy-hub/snappy-examples/view/head:/framework-template/meta/framework-policy/seccomp/policygroups/client, add the mount system call, right? | 13:48 |
| lool | liuxg: yes | 13:49 |
| lool | liuxg: if you're confident this is the only thing, you can go ahead and do that; if you need to debug, there are snappy-security tools to help you do this (or look in dmesg); if you want to get your app running first, and then tune the permissions, you can set it to unconfined | 13:49 |
| liuxg | lool, do you have a complete example for custom security policy based on snapcraft? I think a lot of developers are interested to know this. | 13:50 |
| lool | liuxg: not handy | 13:50 |
| liuxg | lool, by the way, how to set an app to "unconfined" in snapcraft.yaml file? | 13:51 |
| lool | liuxg: http://bazaar.launchpad.net/~lool/+junk/quagga-snap/files is a snapcraft based snap which sets custom caps (but no custom apparmor policy) | 13:51 |
| kyrofa | liuxg, remember that anything with custom security policies will require manual review | 13:51 |
| lool | liuxg: instead of "networking", put "unconfined" there | 13:51 |
| liuxg | kyrofa, thanks for reminding that. lool just mentioned that. | 13:53 |
| liuxg | lool, do you mean that we can change the "networking" there to "unconfined", then it is done? | 13:54 |
| liuxg | lool, I mean this is the file http://bazaar.launchpad.net/~lool/+junk/quagga-snap/view/head:/snapcraft.yaml | 13:54 |
| lool | liuxg: this is just to point you the spot where caps are set | 13:55 |
| lool | liuxg: you can remove all of networking, network-admin etc. and just list unconfined | 13:55 |
| liuxg | lool, I know. the snap still uses the default security template, right? for custom one, we need to define something like "unconfined" | 13:56 |
| sturmflut | liuxg: I just did it for fun, but it can even be solved in one line of bash | 13:56 |
| sturmflut | while /bin/true; do (echo -ne "HTTP/1.1 200 OK\nContent-type: image/jpeg\n\n"; fswebcam -) | nc -l 12345; done | 13:56 |
| sturmflut | With a proper version of netcat you can even avoid the short period required to re-open the socket | 13:57 |
| liuxg | sturmflut, sounds an interesting hack. do you try this on your destkop? | 13:58 |
| sturmflut | liuxg: On my notebook | 13:58 |
| liuxg | sturmflut, I have been trying the example on my RaspBerry pi. it may not have a display yet. Anyway, it is good to see it works. I will try to your way to do it in the code. | 14:00 |
| sturmflut | liuxg: It is pretty slow, fswebcam takes a long time to fetch the picture each time | 14:00 |
| lool | liuxg: unconfined is a template which means give me all permissions | 14:01 |
| liuxg | sturmflut, it depends on the resolution as well. | 14:01 |
| lool | liuxg: if you want your own template, you can't use caps; rather you'll have to pass a .apparmor and a .seccomp file under your meta/ dir | 14:01 |
| lool | liuxg: but I haven't done that in snapcraft myself | 14:01 |
| lool | so I can't provide a recent example | 14:01 |
| liuxg | lool, thanks. so if I want to make my snap an unconfined, I just do sth like http://paste.ubuntu.com/14127918/, it should be fine, right? | 14:03 |
| lool | liuxg: yeah, seems about right | 14:03 |
| liuxg | lool, perfect. It is good to know. I have been reading Snappy Ubuntu Core - Application Developer Manual 15.04, but it is not so clear to me at all :) | 14:04 |
| lool | liuxg: ah, perhaps we need to improve some sections then :-) | 14:05 |
| lool | liuxg: if you would like to suggest changes, we'd be happy to take them; there is definitely room for improvement | 14:06 |
| liuxg | lool, in fact, more working examples will be very beneficial to the developers. Sometimes, it is hard to explain without examples. I have fed back some problems in the documents, and they are corrected! | 14:06 |
| liuxg | lool, debugging is important for developing snaps. It would be good to have more contents to show how to debug security issues. | 14:08 |
| liuxg | lool, from developers point of view, it would be good to have a graphic tools to generate a useful snapcraft.yaml file. that would be very useful. | 14:09 |
| lool | ack; there are specific tools to help debugging security issues | 14:11 |
| lool | "Security policy debugging commands reference" in the manual | 14:11 |
| liuxg | lool, in fact, in the ubuntu phone development, I also met the same problem. the log does not say the missing caps. it is hard to interpret the the messages there. I would expect a clear messaging like "networking is missing in your app". | 14:13 |
| lool | liuxg: right, fair point | 14:14 |
| lool | the latest version for snappy tries to make suggestions, but it's never perfect | 14:15 |
| liuxg | lool, in fact, android is doing this way and it is very easy to debug. For us, it is just a kind of try and try. | 14:16 |
| liuxg | lool, it could be possible that an app grant all of the caps just purely want to make it work. In fact, maybe some of them are not needed at all. | 14:17 |
| === cyphermox_ is now known as cyphermox | ||
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!