Classic confinement for logmein-rc-extension

Hello,

I would like to request classic confinement for the logmein-rc-extension (source code) that is a remote control addon of the logmein-host (source code).
The LogMeIn host for Linux currently provides only a secured shell access on a web terminal. With that extension we would like to implement a (graphical) remote control through as well.

That extension is basically running an x11vnc server that cannot authenticate the user with strict confinement. As far as I know we cannot access pam and cannot run /bin/su from a snap package. I read the documentation and the code of some relevant interfaces like account-control, password-manager-service or accounts-service but none of them seemed to be working for us. Please advise.

Thanks in advance and I’m looking forward to hearing from you, if you require any more info or have any questions please let me know.

Best regards,
Janos

It isn’t clear to me from the description how this snap specifically works and how it differs from logmein-host. The snap for logmein-host does not require classic access and, looking at the snap.yaml for it, it seems to run daemons (which all start as root) and presumably a client can connect to it and have ‘root’ access to the filesystem areas allowed to the snap (ie, the snap-specific directories).

For x11vnc integration, it is unclear what you are trying to do in terms of implementation. Are you assuming there is an X server running? If so, you are correct that you cannot use su to run x11vnc under that user. Better would be for you to use a user service within the user’s session that is launched automatically upon login, and then connect to that. Today, user services are still a work in progress, but you can use The snap format in the meantime.

@jkasza this request is waiting on your response to @jdstrand’s questions above - without that it cannot proceed.

@jkasza - since we’ve not heard back from you, I am moving this request out of our review queue. When you have a chance to respond to the requested feedback, please do so here and we can add this back to the queue.