Browser support with daemon - needing manual review

craigulliott · March 19, 2019, 9:22pm

Hello,

Our snap ‘codeverse-portal’ is a kiosk web app which runs on dedicated hardware. It’s plugged in behind televisions in schools, and other than the web app itself, users of the hardware don’t have access to the device. We require use of daemon mode with browser-support to allow the app to start at boot, and also for the app to restart automatically if there is a crash.

Our app was reviewed by Jamie Strandboge, who directed me here with the following context: “Use of browser-support interface has traditionally been reserved for vetted publishers or those with a brand store. Since your snap legitimately requires the use of browser-support with daemon, please make a request in the forum using the ‘store’ category”.

We would like to request ‘browser-support with daemon’ please.

Thank you very much.

Craig

jdstrand · March 19, 2019, 9:54pm

Is your app part of a brand store or the public store?

craigulliott · March 19, 2019, 10:14pm

Thanks Jamie, it’s in the public store.

craigulliott · March 23, 2019, 4:42am

Hi everyone.

Please let me know if we can get this approved. We’re running into a few issues which would be immediately solved by this exception, and we would love to get our app updated and rolled out onto our devices.

Thanks, and hope you all have an awesome weekend.

Craig

twosky2000 · March 26, 2019, 5:15am

Is it possible to get some images or a source code of the project? Sounds like a interesting project, but I can’t find any info and blind download is not an option.

jdstrand · March 26, 2019, 3:03pm

@pedronis - we have a check in the review tools that flags a snap when it uses browser-support with ‘daemon’ because the interface grants rather considerable power via OOM adjustments for other processes when the process is running as root (more power than what would be expected since the snap can now make itself more important than any other root running processes, potentially DoSing the system and starving other snaps/system services. Due to the chromium content api being what it is, this access cannot be removed from the interface at this time but in the case of kiosk applications, there is no other alternative.

The review-tools have a mechanism for overriding this check but we’ve thus far only used it with brand store snaps, since the idea is that a kiosk is likely something that would be tied with a brand store. The request for this snap is for the public store, so I’d like to discuss the process surrounding this review tools check (ie, when to apply an override) for public store snaps (I think it is clear that if the snap is in a brand store, the override can just be applied since the publisher owns the brand).

On the one hand, a publisher vetting process seems in order similar to what we do for classic snaps. On the other hand, users would be unaware of the additional power afforded by this combination of declared snap.yaml (indeed, snapd is unaware of this as well).

Looking to the future, we should soonish have the ‘daemon user’ that snaps can drop to; perhaps we can expand on that and have snap.yaml allow declaring starting daemons as this user (ie, declare something in snap.yaml and snapd spits out User=daemon\nGroup=daemon in the service file). Note, this idea could be implemented in parallel to the privilege dropping work.

craigulliott · March 26, 2019, 8:58pm

Yes, it’s hosted on github here:

It’s a very simple app (in terms of code we’ve written) as it leans heavily on existing components (Chromium and MirKiosk).

craigulliott · March 26, 2019, 9:04pm

Thanks @jdstrand - I really appreciate the attention to this, and agree the daemon user would be a great solution.

In the meantime, would you suggest we set up a brand store? And is that something which would be available to us, and fairly simple to establish?

Thanks again!

ogra · April 2, 2019, 10:27am

https://docs.ubuntu.com/core/en/build-store/
and
https://docs.ubuntu.com/core/en/build-store/create
have some insights …

jdstrand · April 4, 2019, 10:23pm

I’m not sure if the brand store fits your case on not. Either way please comment, and we can discuss the next steps. I’m hoping we can have the daemon user in place for snapd 2.39 (there is a PR undergoing review already).

jdstrand · April 11, 2019, 5:23pm

FYI, this request cannot proceed until we hear back from you.

craigulliott · April 24, 2019, 12:24pm

Thanks.

I do think the brand store would be a good solution for us. Is there a cost associated with it?

When would you estimate the release of snapd 2.39?

noise · April 24, 2019, 8:21pm

Yes, Brand Stores are a commercial offering. You can get find more information on the Ubuntu Core page and get in touch with us here.

See the Snapd Roadmap.

craigulliott · September 20, 2019, 8:10pm

Hi @jdstrand

I noticed with some excitement that the deamon user feature has been released, but I’m struggling to find documentation on it. Please could you point me in the right direction, as I’m hoping we’ll be able to solve this issue now. As a refresher - we needed to use daemon mode with browser-support.

Thanks!

jdstrand · September 26, 2019, 3:24pm

It’s documented here: System-usernames. You were just a little early; I did it earlier this week

craigulliott · September 26, 2019, 11:57pm

Fantastic, thank you very much!