Classic confinement request: calyx-vpn

Hi! I’d like to request classic for calyx-vpn. This is a branding of https://github.com/leapcode/bitmask-vpn made for The Calyx Institute, made by LEAP.

The reasons for needing classic are the same ones as were for riseup-vpn: dropping a polkit file to allow elevated privilege when running openvpn.

Hi, work is ongoing in snapd to add support for snaps to ship polkit files - https://github.com/snapcore/snapd/pull/10219 - does this look suitable for the use-case for calyx-vpn? My understanding is this is close to being finished so would be available in a snapd version in the not-too-distant future.

@jamesh do you know how far off this might be?

sounds like this would allow to drop the classic confinement, thanks; when that happens we’ll also see to change riseup-vpn to stop using classic then.

1 Like

@kalikaneko I see the https://github.com/snapcore/snapd/pull/10219 has been merged. Whenever possible let us know if this works for calyx-vpn so we can remove this request from our review-queue.

Thanks!