Classic confinement consideration for Shell Assistant

store-requests
1

Hi,

I have recently uploaded the following snap, https://snapcraft.io/shell-assistant/listing, which currently has private visibility. Please advise if there’s anything you need in order to review it.

Shell Assistant is an application of the Terminal Emulator/SSH Client/IDE/File Manager class.

While sandboxed, it can be used successfully for remote host connections over SSH, but for shells on the local host, it runs into the following difficulties:

  1. The local shell inherits the permissions of the sandbox, which limits the user’s capability for terminal operations and file management. The user would at least need to be aware of this limitation, and a method of elevating privilege to that of the logged in user would need to be available for things to be successful.

  2. There are other peculiarities, running e.g. bash in a sandboxed environment, that are complicated to describe.

  3. For file management, the user would at least need some way to access the same files that they have permissions to access as a user.

While I love the sandboxing model (it’s something that desktop apps have needed for a long time), this application by it’s nature, might not be such a good fit.

Possible work-arounds are:

  1. Remove local shell & file management, but it would be a sad Linux terminal emulator that didn’t offer the opportunity to run a local terminal on Linux. I think this was the approach used by Termius, but they got roasted in their reviews for doing this.

  2. Provide (via the snap framework) a dialog, so that the user can select Classic Confinement, or pre-connect any plugged interfaces, prior to launch. This might not be a bad solution, and it would also simplify the process of connecting interfaces via GUI. However, as far as I am aware, no such interface exists yet.

I see that there are other terminal apps on the snap store:

  1. terminalpp - Uses classic confinement.
  2. termius-app - Uses sandboxed model, but users did not like that the terminal emulator could not run effectively on the local machine.

I also see that the following application types are supported for classic confinement, so it seems that this is not unique (Process for reviewing classic confinement snaps):

  • IDEs
  • Terminal emulators, multiplexers and shells

Of course, if you have any suggestions as to how Shell Assistant could be made to work in a sandboxed environment, I would eager to consider them.

Please let me know if you’ve any questions or if I can help you in any other way.

Best Regards,

Mike Taylor

2

Apologies as my original message was maybe a bit too detailed. To simplify things:

  1. Shell Assistant is a terminal emulator and needs to run local shells (e.g. bash) with the same rights as the logged in user. Otherwise, permissions and other aspects of the shell don’t work correctly and this would not be a great experience for the user. It would appear that classic confinement is the only practical option for a terminal emulator on the snap platform.
  2. The remote file manager and code editor (in Shell Assistant) is IDE-like. CLI debuggers for bashdb & python pdb are written, but additional work and more languages support is needed before it can be fully used as an IDE. However, a remote IDE is one end-goal for this subsystem.
  3. I see that Process for reviewing classic confinement snaps lists terminal emulators & IDE’s as requiring classic confinement.
  4. I have not publicly released the snap due to the above sandboxing issues affecting the local shell. The latest version (classic confinement) has been upload to snapcraft.io. You can also download the un-sandboxed latest version from https://shellassistant.com/downloads if you need to.

Thanks very much in advance for your time and attention and please let me know if I can help you in any way with this request.

Best Regards,

Mike Taylor

3

Hey @shellassistant,

Thanks for the detailed explanation and analysis. This request fits into the supported categories of terminal emulators, multiplexers and shells + IDEs so requirements to grant classic confinement are understood.

@Igor could you please perform publisher vetting?

@shellassistant: Can you please confirm this https://shellassistant.com/ is the public website for the app? This will be required for the vetting process.

Thanks!

4

Hi @emitorino / @Igor ,

Thank you very much for considering this request!

Yes, that is correct. https://shellassistant.com is the public website for the app.

Please let me know if there’s anything else I can help with!

Best Regards,

Mike Taylor

5

+1 from me, I verified the publisher.

6

Granting use of classic. This is now live.