Classic confinement for dataplicity-agent


#1

Hi,

I’d like to request ‘classic’ confinement for dataplicity-agent.

Dataplicity is a remote administration tool that gives ssh like access from the web. We tried it with strict confinement, but we found that the shell is within the snap sandbox, which is not what our users would expect (no apt-get for example).

Thanks in advance.


#2

@niemeyer - can you take a look at this?


#3

Any movement on this one? It’s a blocker for us. Thanks.


#4

@niemeyer - this is essentially an administration app that is a web console. Based on other administration snaps, this seems like something that would not be allowed (in the public store, a brand store could of course have it). Can you take a look?


#5

@niemeyer - can you comment?


#6

@willmcgugan Hi Will,

Is the source code of dataplicity available somewhere so we could have a look?

We generally have avoided granting classic to applications that are primarily general remote manipulation agents. It looks like this might be the case for what goes into the dataplicity snap, but it’s not quite clear given the high-level description.


#7

@niemeyer Source is here: https://github.com/wildfoundry/dataplicity-agent

It’s a Python app, bundled with ‘pex’. It proxies tcp/ip ports, and terminals.


#8

@niemeyer - thoughts on suitability for classic?


#9

@niemeyer - ping for thoughts on suitability for classic.


#10

I’m sorry for the the time it took to verify this in more detail. Reading through the documentation of the project, the use cases reported matches with a class of problems that we’ve been avoiding classic confinement, at least for the time being: open-ended access into the whole device by remote parties, for management purposes.

Our suggestion for these problems right now is to continue packaging them as deb packages, and offering them through a PPA or other form of custom repository.