Classic confinement for wksctl


#1

Dear @reviewers, I would like to request classic confinement for the wksctl (https://github.com/weaveworks/wksctl) snap.

Some of its commands (e.g. wksctl apply) need to read local configuration files that are passed by users via command-line args. Ideally, enabling access to only those specified files would work fine, but as the paths are dynamic, my understanding is that the only way to make it work is by giving broad file read access to the snap.

An alternative I was considering is strict confinement with home / personal-files interfaces enabled, but I don’t know if that would be any better if the scope was set to the root anyway.

Thank you in advance!


#2

References:


#3

Can you describe typical workflows that cannot be accommodated with strict mode, home and removable-media?


#4

Can you describe typical workflows that cannot be accommodated with strict mode, home and removable-media?

Sure @jdstrand, I’ll quote https://github.com/mflendrich here as he’s one of the main contributors to wksctl:

This is a tool that accesses a file provided by the user. It sounds like bad UX if the user were forced to have the file stored under $HOME. They could e.g. have checked the repo out to /tmp.

Indeed, if a user tried to go through any of our guides (e.g. the one I posted above as a flow example) by checking out the repo to their /tmp, wksctl would fail with only the permissions you listed.


The configuration files in question actually describe the Kubernetes cluster to be set up by wksctl, so at least in some cases, they are quite likely not to be living in any of the user home directories.

To get a better feeling of what the configuration files typically look like, please take a look at:

I hope this explains it - please feel free to ask more questions if you need more information!


#5

From my reading of wksctl I think strict confinement with the home and removable-media interface should be sufficient. So :-1: for classic confinement for me.


#6

Cloning to /tmp always feels like a strange thing to do, personally. I appreciate some might use this workflow as it results in files disappearing after some while, but I have a (possibly somewhat irrational) dislike of it. This could be worked around by simply changing the docs to ~/tmp and thus cloning to a non-hidden directory in the directory allowed by the home interface.


#7

@filipbarl I also tend to agree that home and removable-media should be sufficient based on my understanding of wksctl. If this is not sufficient, can you please explain in more detail specific use cases which cannot be easily supported?
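
What the reviewers are proposing, written out as an added example that is not the project's own snapcraft.yaml: the snap stays under strict confinement and declares the home and removable-media plugs on the app, instead of `confinement: classic`. The part definition (plugin, source, command path) is an assumption for illustration; only the confinement and plugs stanzas are the point.

```yaml
# Added example, not the wksctl project's snapcraft.yaml.
# Part definition below is assumed for illustration.
name: wksctl
base: core18
version: git
summary: Weave Kubernetes System control tool
description: |
  Builds and manages Kubernetes clusters from cluster and machine
  configuration files supplied on the command line.
grade: stable

# Strict confinement: AppArmor/seccomp sandbox applies. With classic
# confinement the snap would run unconfined on the host.
confinement: strict

parts:
  wksctl:
    plugin: go
    source: https://github.com/weaveworks/wksctl   # assumed build source
    go-importpath: github.com/weaveworks/wksctl

apps:
  wksctl:
    command: bin/wksctl
    plugs:
      # home: read/write of non-hidden files under $HOME
      # (dotfiles and dot-directories are excluded).
      - home
      # removable-media: /media, /run/media and /mnt,
      # not auto-connected; user runs `snap connect`.
      - removable-media
      # network egress to talk to the machines being provisioned.
      - network
```

Two caveats a practitioner should check before accepting this. First, under strict confinement a snap gets a private /tmp, so a repo cloned to the host's /tmp is not merely unreadable but invisible to the snap; the home interface does nothing for that case, which is why the thread suggests ~/tmp instead. Second, removable-media is not auto-connected, so a user with files on /mnt must run `snap connect wksctl:removable-media` once; `snap connections wksctl` shows which plugs are connected, and `snap run --shell wksctl` drops into the confined environment to confirm which paths are actually reachable.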


#8

@filipbarl - FYI - this request is still waiting on your response to the above questions.