I am developing a Juju charm writing framework published as the Lucky snap. It is still under heavy development and is not ready for stable publishing yet, but I wanted to get started on verifying whether or not I could get/need classic confinement for the snap.
The lucky binary serves three purposes:
lucky daemon that runs alongside the charm agent and runs charm scripts
lucky client that is run from the charm scripts to control aspects of the daemon
lucky charm which is used by the charm developer on their local workstation to create and build charms
The Lucky daemon will need full permission to the system because it needs to be able to run scripts that can modify the system in any way including installing kernel modules, other snaps, apt-packages etc. It will also be running Docker containers.
The Luck charm tool that gets installed on the users workstation does not necessarily need those permissions.
The Lucky client just needs permissions to talk over daemon socket.
FYI, this request has been enqueued. It is a potentially new use case for classic and needs further discussion, but due to the holidays, that discussion is delayed. Thank you for your patience.
I’m realizing that installing Lucky with a snap as a part of Lucky charm deployments may not be what I want to do. The biggest reason not to would be that it would require installing snapd on the host when I really only need to download a single binary. There isn’t really a reason to require installing snapd when I can just download my own automated builds from GitHub.
What I would want to use the snap for would be for the charm developer. In that case, having the snap confined would be perfectly acceptable and I would not need classic.
I’m going to do a little more evaluation, but I’m pretty sure that I will no longer need classic support for Lucky.
