auto-dashboard-demo is a simple demonstration that shows off the store’s over-the-air update functionality, and snapd’s rollback capabilities. It will be used for tradeshows, as well as for an upcoming webinar.
Because it needs to run in a variety of environments that cannot be pointed at brand stores (i.e. public cloud virtual machines), it needs to come from the global store.
It is an electron app, and therefore needs the browser-support plug, and is a kiosk-style UI that will run on ubuntu-core, so runs as a daemon. Because of this combo, the initial upload was rejected by snap store review. This post is a request for approval of said combo.
Regarding dropping privileges, I can play around with it, but one immediate potential problem I see is that it needs to talk to ubuntu-frame via /run/user/$UID and frame is running as root. Maybe I can trick the app using some env overrides, but also I don’t know if I will then run into DAC issues. We shall see
@alexclewontin since this snap is clearly a demo snap (as the name demo is part of the snap name) and not intended for general consumption, I think the risk in this case is lowered so whilst ideally the snap would be drop privileges to the snap_daemon user on startup, this is not a blocker from my perspective for browser-support to be granted.
+1 from me for the use of browser-support with daemon for auto-dashboard-demo.
I have also vetted the publisher.
As such, I am granting this ahead of the usual 7 day voting period via the fast track process with the current +2 votes. Unfortunately this change cannot be granted via a snap store declaration and instead requires an associated update to review-tools which then needs to be deployed on the store dashboard which inturn requires a store admin to assist. As such, I have committed the required update for review-tools and manually approved the existing revisions of this snap in the meantime.
@alexclewontin can you please continue to investigate the option of using system-usernames in the meantime for future revisions of this snap?