Auto-connecting the system-files interface for the chromium snap

Some code was recently added to the chromium snap to allow reading existing enterprise policies installed for the chromium-browser deb package.

This requires read-only access to /etc/chromium-browser/policies.

This requires the corresponding store declaration to auto-connect the interface.

This is one more step towards easing the transition from the chromium-browser deb packages in Ubuntu to the snap package.

Thanks for considering it.


A community LGTM from me as it is important to the adoption from the business/education cases.

Are the files in /etc/chromium-browser/policies standalone or do they reference files in locations not available during runtime (eg, /usr from the host)?

As far as I know, the files in there are standalone. They are created by the system administrator (see the upstream guide).

1 Like

@jdstrand: can you (and other store reviewers) cast a vote on this? There are revisions ready to be published pending a manual review because of this.

+1 from me - adding system-files for /etc/chromium-browser/policies for chromium snap.

Thanks for the additional info.

The snap is currently using:

    interface: system-files
    - /etc/chromium-browser/policies

While I realize that the snap is currently using ‘chromium-config’ for personal-files and so the naming of this system-files interface is consistent with that, I’d prefer that we adjust the interface reference to be inline with the rest of the ecosystem. Can you change this to be:

    interface: system-files
    - /etc/chromium-browser/policies

+1 for use of and auto-connection for read-only access to /etc/chromium-browser/policies via system-files using the etc-chromium-browser-policies interface reference.

Done. Does this require a rebuild, or can the auto-connection be accepted with the chromium-policies name, and be inherited in subsequent builds with the etc-chromium-browser-policies name?

Yes. The snap declaration must match what is in the snap otherwise it won’t be installable from the store.

Ack. I triggered rebuilds for all architectures with this change.

@oSoMoN can this post be re-tagged against store-requests rather than store - then the relevant @reviewers are more likely to see it, thanks :slight_smile:

Ooops, sorry about that, I hadn’t noticed this was in the wrong category.

@oSoMoN for me it’s confusing that upstream guide you linked clearly states:

Policy configuration files live under /etc/chromium for Chromium

while you proposed adding (only) /etc/chromium-browser/ which afaik is ubuntu (debian?) oddity due to some historical package name conflicts.

Yes, this is Ubuntu-specific. The use case is the transition from a deb package to the snap. This wouldn’t cover the transition for other distros where policy configuration files lived under the default upstream location, indeed.

+1 for auto-connected use of system-files for read-only access to /etc/chromium-browser/policies.

So is supporting transition for other distros something planned to do considering snap is cross distro platform?

1 Like

That would be nice to have of course. It would require modifying the patch that alters the search paths for policies. Would you mind filing a bug to request this?

1 Like

+2 votes for, 0 votes against, granting use and auto-connection of system-files with read only access to /etc/chromium-browser/policies using etc-chromium-browser-policies interface reference to chromium snap. This is now live.