Classic confinement request for chimg


I’m the developer behind chimg . chimg is a tool that can modify a given chroot directory such as it installs debs, preseeds snaps, replaces a kernel, install files into the chroot and executes commands in that chroot.

For that, the tool needs to be able to mount a couple of different FSs into the chroot (/dev, /dev/pts, /proc, /sys, /sys/kernel/security, /sys/fs/cgroup, /tmp and others).

Looking at snapcraft.yaml file - is it necessary to put snapd inside your snap package? And in order to be considered under classic confinement, into which category of applications does chimg belong to? Here is nicely laid out process:

yes, because snapd needs to be installed to be able to do preseeding.

I think development would be the category. this tool is very similar in scope to ubuntu-image and ubuntu-image has classic confinement. So I don’t see why chimg wouldn’t get classic confiment, too.

1 Like

Technically you have snapd installed when you install application as snap, and classic confinement shouldn’t have issues with accessing system wide snapd,or is there other specific reason?

correct. I dropped snapd from snapcraft.yaml now.

1 Like

Anything else left to do to get classic confinement approved for this snap?

I don’t have power for that here, just gave my 5 cents as pre-screening (sort of?!)

@review-team would you take a look, please? :slight_smile:

This looks very similar to cranky and others in terms of the use-cases (needing to execute arbitrary binaries from the host) and I agree it fits within the existing category of tools for local, non-root user driven configuration of/switching to development workspaces/environments).

As such, the requirements for classic confinement are understood.

I have vetted the publisher, this is now live.

1 Like