This package is for simulation and analysis of electron tomography data.
I need to have classic confinement because it is the only way I have found to be able to write out the simulated data (which is typically Gb -> Tb of data) in a directory of the user’s choice (which may be local or on a network file system).
I am open to using strict confinement if there is any other way to do this but it needs to be flexible enough that the user can choose any directory they have the relevant permissions for. If there is another way, it’s not obvious to me.
Can you please provide more specific examples of file paths which parakeet may need to access in this case? For most use-cases, home and removable-media provide sufficient access for user-facing applications and I suspect this should also be the case for parakeet too, and so I don’t think classic confinement would be warranted in this case. Thanks.
No problem, here is a concrete example. I am trying to use snap for deployment in a shared scientific computing environment where users log into VMs and have access to a directory on a shared network file system mounted at /ceph/users/${USERNAME}. As far as I am aware, writing files in this directory is not allowed by the home and removeable-media interfaces. Another concrete example, users on the baskerville tier 2 super computer have a limited sized home directory and the shared file system is also mounted at another location. If there is a way to manually grant access to a particular directory that could also work.
Other than bind-mounting these locations within the user’s /home/${USERNAME} it is not possible to support these use-cases via home or removable-media. In which case I think the only way to be able to access them would be via classic confinement. So this then gives a use-case for classic confinement for parakeet. The next step as per the Process for reviewing classic confinement snaps is to see if parakeet fits within one of the existing categories for classic confinement - can you please review these and let us know?
Sorry for the late reply, I believe that parakeet fits into the following categories:
difficulty making strict confinement work
access to arbitrary files on the system due to developer/user inertia
Regarding (2), this could be classed as user inertia; however, the user in this case would be the system administrators at the institutions installing the software. The reason I’d like to use snap is because the containerization is very useful for distributing the software but I don’t think it is feasible for me to ask for the changes to the systems required to support strict confinement.
Yes, I saw that they are both listed under unsupported but I was asked which categories the software fits within and it wasn’t listed under the supported cases. However, I think that “difficulty making strict confinement work” should be a supported category because if strict confinement cannot be made to work for legitimate reasons then classic confinement is the only possible solution. I can change anything internal to the package to fit with the strict confinement model whilst also keeping the required functionality of the software but please see above for a description of my problem.
Said snap is specifically designed to be working with big data in a shared scientific setting, including the Baskerville cluster mentioned by name as an example.
