Classic confinement request for advantech-bsp-launcher

  • name: advantech-bsp-launcher
  • description: BSP Launcher is a GUI tool developed by Advantech for creating BSP images and flashing devices for various SoC platforms. It integrates hardware-specific routines and scripts for compiling and flashing embedded system images.
  • snapcraft: /
  • upstream: PRIVATE
  • upstream-relation: I am the upstream developer and publisher of the snap.
  • supported-category: developer-tools
  • reasoning: BSP Launcher must run with system-level privileges to fulfill its purpose as a BSP development and flashing tool. Our workflow involves two major components:
  1. BSP Build
  • Requires running Docker containers with --privileged mode to provide a controlled build environment.
  • Needs root privileges for Docker operations and for installing dependencies inside the container.
  • Performs build operations that rely on system toolchains and device-specific scripts.
  2. Device Flashing
  • Uses SoC vendor tools (e.g. Rockchip upgrade_tool) which require root privileges to communicate with devices in Maskrom mode.
  • Directly interacts with USB devices and writes to block storage (e.g. flashing boot.img, recovery.img, rootfs.img, etc.).
  • Only executes scripts after verifying the connected device is legitimate and supported.

We attempted to use strict confinement with available interfaces but the build and flashing operations failed. Root-level device operations cannot be sandboxed and strict confinement does not allow privileged Docker usage, system-level USB enumeration, and raw block device writes. I understand that strict confinement is the default and preferred mode for snaps, but in this case, strict confinement makes the snap unusable.

BSP Launcher is a developer tool that inherently requires unrestricted access to system resources in order to build BSP images and flash hardware devices. For these reasons, classic confinement is necessary.

[v] I understand that strict confinement is generally preferred over classic.

[v] I’ve tried the existing interfaces to make the snap work under strict confinement.

This request has been added to the queue for review by the @reviewers team.

Hey @fabian415

Technical requirements are possibly valid. However, I think it does not fit any supported category well. @pedronis what do you think?

Additionally, classic + root is not a good combination security-wise.

Thanks!

We do have a bunch of flashing tools that are strictly confined (using the raw-usb plug in combination with hardware-observe, system-observe and a few others) and work just fine (uuu (universal-upgrade-utility) for NXP devices would be an example here, esptool, rpi-imager or even the Arduino IDE would be others)…

Root access should be achieved via calling the app with sudo or through pkexec…

We also have a docker interface that allows launching, running and maintaining containers that you could utilize (and again using sudo or pkexec for privilege escalation)

Adapting your application to these interfaces might require some changes though…

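To make the strict-confinement route concrete, here is a snapcraft.yaml sketch for the strictly confined variant that the reply above describes (raw-usb plus the observe interfaces for flashing, the docker interface for the build containers, and sudo/pkexec for root rather than classic confinement). This is an added example for this thread, not Advantech's snapcraft.yaml and not something the reviewers posted; the version, the command path, the part definition and the use of the gnome extension are assumptions chosen to make the fragment self-contained.

```yaml
# Added example: strictly confined layout of the snap described in the request.
# Not the real advantech-bsp-launcher recipe; version/command/part are assumed.
name: advantech-bsp-launcher
base: core22
version: '0.1'                     # assumption
summary: GUI tool for building BSP images and flashing Advantech SoC boards
description: |
  Builds BSP images inside Docker containers and flashes Rockchip and other
  SoC boards via vendor tools. Run with sudo (or pkexec) when root is needed;
  the snap itself stays strictly confined.
grade: stable
confinement: strict               # instead of the requested classic

apps:
  advantech-bsp-launcher:
    command: bin/bsp-launcher      # assumption: launcher script shipped by the part
    extensions: [gnome]            # GTK/Qt desktop integration for the GUI
    plugs:
      - raw-usb                    # talk to boards in Maskrom/bootloader mode over USB
      - hardware-observe           # enumerate USB/PCI devices to verify the target board
      - system-observe             # read host state (kernel, mounts) during build/flash
      - docker                     # drive the host Docker daemon for the BSP build
      - home                       # read/write BSP sources and images under $HOME
      - removable-media            # write images to mounted SD cards / USB drives

parts:
  bsp-launcher:
    plugin: dump                   # assumption: pre-built scripts and vendor tools copied in
    source: .
    stage-packages:
      - libusb-1.0-0               # commonly needed by vendor flashing tools
```

Most of these plugs are not auto-connected, so after installation they have to be wired up manually, for example `snap connect advantech-bsp-launcher:raw-usb`, `snap connect advantech-bsp-launcher:hardware-observe` and `snap connect advantech-bsp-launcher:docker docker:docker-daemon` (the slot name on the docker snap is assumed here; check `snap interface docker` on the target system). Root access for upgrade_tool-style operations then comes from `sudo advantech-bsp-launcher` or a pkexec policy, as the reply suggests, rather than from an unconfined snap. If raw block-device writes turn out to be unavoidable outside of removable media, there is a separate super-privileged `block-devices` interface that requires store approval; it is deliberately left out of this sketch because the thread does not establish that it is needed.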

@ogra thanks for that information. In that case, I think that strict confinement is the path we should pursue