Classic confinement for juju-lint

Hi. Can I get classic confinement enabled for juju-lint ? It requires classic confinement like all Juju plugins.

Can you give more details as to what juju-lint does and why it needs classic confinement? I searched the forum but I didn’t see a blanket grant of classic to any and all juju plugins (please feel free to link to the forum post that discusses this since I can’t seem to find it). Thanks!

I guess it would be possible to write a Juju plugin that can be contained, but the ones that do something useful typically need to invoke the first ‘juju’ executable on $PATH. Most commonly ‘juju status’ to get information about Juju deployments, followed by various other ‘juju’ commands to perform the requested operations.

@niemeyer - of the snapd developers, I feel you would have unique insight into this request. Can you comment?

We don’t have a general rule for juju plugins indeed. I think it’s fine to have this one plugin as classic based on the fact it’s created by the same team as juju itself, and given that juju itself is classic at the moment. Rejecting classic for it might just mean getting it inside the juju snap itself, which is perhaps a good idea anyway? How does that sound, @stub?

What would be great is having a plan to take the juju client entirely strictly confined. I can’t recall our previous conversations about it, but it’s the sort of application where this should be doable relatively easily, even if it’s a large code base.

juju-lint is not suitable for inclusion in the main Juju snap, at least yet. The product is still evolving, and under active development by a few teams in Canonical for use with large scale customer deployments. It is not being developed by the Juju team. It shares no code with Juju; the plugin just calls the juju executable.

I believe that the lack of a snap-friendly plugin mechanism in Juju is one of the blockers for the main Juju snap becoming strictly confined. Technically, it would be a backwards incompatible change, since existing plugins would stop working. Practically I believe it could be done with consultation with the Juju community. I don’t know what other blockers Juju has.

It sounds easy to implement such a plugin system with the content interface.


We have production deployments underway, and want to use the snap in favor of the deb packaging.

Granting use of classic for this snap. Please consider @niemeyer’s recommendations for juju to not require classic by using the content interface. This is now live.

I forgot to mention I vetted the publisher.

Your next upload should pass automated review.