dmtr and fmtr are wrappers of system ‘ping’ tool for displaying tracepath to a target. Unfortunately, snap core’s ping doesn’t work without network-control/network-observe permissions. Meanwhile I’ve added info message about adding these permissions at runtime, but maybe it’s better to be auto-connected. So I’d like to make request for auto-connect any of network-control or network-observe caps for dmtr and fmtr. Or if you have some ideas how to not elevate them beside of system ping, please share it.
If your snap requires the use of say raw sockets (as is usually required by ping etc), then network-observe should be sufficient. network-control provides additional permissions, but it is best to follow the principle of least privilege, and so your snap should only plug network-observe.
+1 from me for auto-connect of network-observe for dmtr and fmtr.
That would mean removing the users control over what she allows a snap to access… i.e. every snap could start pinging the world, starting DOS ping attacks and whatnot without the user to be able to turn it off… keeping the control in a user controlled interface connection they can disconnect as needed/desired is surely the better choice here…
In general I agree it’s reasonable, but… aside from the fact that the same is applicable to tcp (allowed by default by network plug) that every snap could start sending tons of tcp requests around the world
As explained in the previous comments, I agree that network-control would provide unnecessary permissions that are not required by the snap. Therefore, +1 from me for auto-connect of network-observe interface to dmtr and fmtr snaps.