Browser support with daemon - needing manual review


#1

Hello,

Our snap ‘codeverse-portal’ is a kiosk web app which runs on dedicated hardware. It’s plugged in behind televisions in schools, and other than the web app itself, users of the hardware don’t have access to the device. We require use of daemon mode with browser-support to allow the app to start at boot, and also for the app to restart automatically if there is a crash.

Our app was reviewed by Jamie Strandboge, who directed me here with the following context: “Use of browser-support interface has traditionally been reserved for vetted publishers or those with a brand store. Since your snap legitimately requires the use of browser-support with daemon, please make a request in the forum using the ‘store’ category”.

We would like to request ‘browser-support with daemon’ please.

Thank you very much.

Craig


#2

Is your app part of a brand store or the public store?


#3

Thanks Jamie, it’s in the public store.


#4

Hi everyone.

Please let me know if we can get this approved. We’re running into a few issues which would be immediately solved by this exception, and we would love to get our app updated and rolled out onto our devices.

Thanks, and hope you all have an awesome weekend.

Craig


#5

Is it possible to get some images or a source code of the project? Sounds like a interesting project, but I can’t find any info and blind download is not an option.


#6

@pedronis - we have a check in the review tools that flags a snap when it uses browser-support with ‘daemon’ because the interface grants rather considerable power via OOM adjustments for other processes when the process is running as root (more power than what would be expected since the snap can now make itself more important than any other root running processes, potentially DoSing the system and starving other snaps/system services. Due to the chromium content api being what it is, this access cannot be removed from the interface at this time but in the case of kiosk applications, there is no other alternative.

The review-tools have a mechanism for overriding this check but we’ve thus far only used it with brand store snaps, since the idea is that a kiosk is likely something that would be tied with a brand store. The request for this snap is for the public store, so I’d like to discuss the process surrounding this review tools check (ie, when to apply an override) for public store snaps (I think it is clear that if the snap is in a brand store, the override can just be applied since the publisher owns the brand).

On the one hand, a publisher vetting process seems in order similar to what we do for classic snaps. On the other hand, users would be unaware of the additional power afforded by this combination of declared snap.yaml (indeed, snapd is unaware of this as well).

Looking to the future, we should soonish have the ‘daemon user’ that snaps can drop to; perhaps we can expand on that and have snap.yaml allow declaring starting daemons as this user (ie, declare something in snap.yaml and snapd spits out User=daemon\nGroup=daemon in the service file). Note, this idea could be implemented in parallel to the privilege dropping work.


#7

Yes, it’s hosted on github here:

It’s a very simple app (in terms of code we’ve written) as it leans heavily on existing components (Chromium and MirKiosk).


#8

Thanks @jdstrand - I really appreciate the attention to this, and agree the daemon user would be a great solution.

In the meantime, would you suggest we set up a brand store? And is that something which would be available to us, and fairly simple to establish?

Thanks again!


#9

https://docs.ubuntu.com/core/en/build-store/
and
https://docs.ubuntu.com/core/en/build-store/create
have some insights …


#10

I’m not sure if the brand store fits your case on not. Either way please comment, and we can discuss the next steps. I’m hoping we can have the daemon user in place for snapd 2.39 (there is a PR undergoing review already).


#11

FYI, this request cannot proceed until we hear back from you.


#12

Thanks.

I do think the brand store would be a good solution for us. Is there a cost associated with it?

When would you estimate the release of snapd 2.39?


#13

Yes, Brand Stores are a commercial offering. You can get find more information on the Ubuntu Core page and get in touch with us here.

See the Snapd Roadmap.