Cassic confinement for Open Authenticator

Skyost · May 7, 2025, 11:53am

name: open-authenticator
description: An open-source & cross-platform TOTP (Time-Based One-Time Password) app
snapcraft: OpenAuthenticator/snap/snapcraft.yaml at main · Skyost/OpenAuthenticator · GitHub
upstream: GitHub - Skyost/OpenAuthenticator: Secure your online accounts with Open Authenticator : a free, open-source and lovely-crafted TOTP manager.
upstream-relation: Creator, owner
supported-category: orchestration agents/software (I guess ?)
reasoning: I need to authenticate the current user in order to protect its TOTPs through local authentication. For this reason, I need to access PAM (See Skyost/OpenAuthenticator/blob/main/linux/my_application.cc#L114 on Github), which is only available with classic confinement.

I understand that strict confinement is generally preferred over classic.

I’ve tried the existing interfaces to make the snap to work under strict confinement.

store-requests-bot · May 7, 2025, 11:53am

This request has been added to the queue for review by the @reviewers team.

ogra · May 7, 2025, 12:40pm

It does not look like this is a cloud orchestration tool to manage deployments of containers or VM instances…

Note that a matching supported category is mandatory for getting classic confinement granted.

Which interfaces did you try with strict confinement and how did they fail?

Skyost · May 7, 2025, 12:44pm

Note that a matching supported category is mandatory for getting classic confinement granted.

Yes, understood. I’ll try to replace my PAM code with some Polkit code. Therefore, I’ll be able to use the Polkit interface.