Classic confinement for ncdu


#1

Recently, I was able to get my snap, “ncdu-kz6fittycent”, changed to ncdu. As this application is a useful tool for seeing deep into a file structure, including root, I’d like to request that it be granted classic confinement.

Let me know if there’s anything you need me to do.

EDIT: Here’s a link to the forked git repo: https://github.com/kz6fittycent/ncdu


#2

This lacked sufficient detail to process the request, but I see from here: https://dev.yorhel.nl/ncdu “Ncdu is a disk usage analyzer with an ncurses interface. It is designed to find space hogs on a remote server where you don’t have an entire graphical setup available, but it is a useful tool even on regular desktop systems. Ncdu aims to be fast, simple and easy to use, and should be able to run in any minimal POSIX-like environment with ncurses installed.”

I’m curious on if:

  1. the upcoming system-backup interface would work for this: https://github.com/snapcore/snapd/pull/6436
  2. if adding this to the apparmor profile is sufficient:
/{,**/} r,

In either case, you can add rules to /var/lib/snapd/apparmor/profiles/snap.ncdu.ncdu, then compile and load the rules into the kernel with sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap.ncdu.ncdu.

One complication with this is that ncdu would probably need to be modified to understand that it is running as a snap since the above should give access to the files, the meaningful directories are in /var/lib/snapd/hostfs due to the snap’s runtime mount namespace. Classic certainly would be the path of least resistance, but classic isn’t available on all-snaps systems like Ubuntu Core, and I suspect this application could be very useful on Ubuntu Core devices, so it may be worth the effort.

Quick testing shows that ‘2’ above may be sufficient for ‘du’. If it is, perhaps we can create a new interface for that.