Classic confinement request: cmake


#1

CMake can be used to perform a variety of actions which may need to access pretty much any part of the system, including attached devices, network communication, system libraries, etc. Anything that a compiler, toolchain, test executable, etc. might want to do is in scope, but also any project logic implemented in the CMakeLists.txt files by the project. This includes arbitrary file accesses and executing child processes (so that opens up the possibility of also running anything the user would normally be able to do outside of a snap). The classic confinement seems to be the only way to give the level of access required.

NOTE: Already discussed at the Snapcraft Summit with @daniel who agrees that classic is appropriate here.


#2

+1 from me based on the fact it needs access to arbitrary binaries across the system to build projects.


#3

:+1: from me, the requirements for CMake needing classic confinement are well understood.


#4

The requirements are understood and the publisher has been vetted. This is now live.