Classic confinement for tre


This is a request for classic confinement for the command line utility tre. tre is an improved version of the Unix command tree. Its function is to list the content of the file system, therefore it needs access as provisioned by the classic confinement. Tre is open source.

I’m the author of this tool and am happy to answer any questions.

Thanks for your consideration!


The requirements are understood: this snap needs read access to all directories on the system and access to hostfs. Interestingly, I suspect the snap would work in strict mode with the following added to the apparmor policy:

/**/ r,

and then running tre /var/lib/snapd/hostfs (I personally tested this by using ‘tree’ under confinement). @dduan, as a test (i.e., don’t upload to the store), can you modify your snap to use strict confinement then update /var/lib/snapd/apparmor/profiles/snap.tre.tre (or similar) to add before the final ‘}’:

/**/ r,

then run: sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap.tre.tre to load the policy into the kernel, then test your snap to see if it is fully functional (please note that ‘/’ is the root of the runtime of your snap and ‘/var/lib/snapd/hostfs’ is the root of the classic system).

If it works, that might be something we can add for strict mode snaps.
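The profile edit requested in the post above, sketched as an added example (not code from this thread or from snapd): it inserts the rule before the final ‘}’ of a profile and is safe to re-run. The function names `has_rule` and `add_rule` are hypothetical, and the sample profile is constructed and edited in a temp file rather than under /var/lib/snapd.

```shell
#!/bin/sh
# Added example: insert an AppArmor rule before the final '}' of a profile.
RULE='/**/ r,'   # the rule quoted in the post above

# Succeeds if some line, ignoring surrounding whitespace, is exactly the rule.
# A substring test would wrongly match e.g. "/var/**/ r,".
has_rule() {
    awk -v rule="$RULE" '
        { line = $0; gsub(/^[ \t]+|[ \t]+$/, "", line); if (line == rule) found = 1 }
        END { exit !found }' "$1"
}

# Insert the rule on its own line before the last line consisting only of "}".
add_rule() {
    profile=$1
    has_rule "$profile" && return 0          # already present: nothing to do
    last=$(grep -n '^[[:space:]]*}[[:space:]]*$' "$profile" | tail -n 1 | cut -d: -f1)
    if [ -z "$last" ]; then
        echo "no closing brace found in $profile" >&2
        return 1
    fi
    tmp=$(mktemp) || return 1
    # Write back with cat so the profile keeps its owner and mode.
    awk -v n="$last" -v rule="  $RULE" 'NR == n { print rule } { print }' \
        "$profile" > "$tmp" && cat "$tmp" > "$profile"
    status=$?
    rm -f "$tmp"
    return $status
}

# Constructed sample profile (not the real snap.tre.tre contents).
demo=$(mktemp)
printf '%s\n' '#include <tunables/global>' 'profile "snap.tre.tre" {' \
    '  /usr/bin/tre ixr,' '}' > "$demo"
add_rule "$demo" && cat "$demo"
rm -f "$demo"

# On a test machine, the real steps from the post would be run as root:
#   add_rule /var/lib/snapd/apparmor/profiles/snap.tre.tre
#   apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap.tre.tre
```

snapd regenerates the files under /var/lib/snapd/apparmor/profiles, so an edit like this only lasts until the profile is next rewritten, which fits the test-only purpose stated in the post.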

@dduan This request is waiting on your response to @jdstrand’s question above - it cannot proceed without more information from you.

@dduan - since we’ve not heard back from you, I’m removing this request from our review queue. Whenever you have a chance to respond, please do and we can add it back.