Classic confinement request for cybertection-guardbot

Category:

Select “store-requests” → “classic-confinement”

Post body:

**Snap name:** cybertection-guardbot

**Publisher:** cybertection (cybertection@cybertection.net)

**Store link:** https://snapcraft.io/cybertection-guardbot

**Revision requesting classic:** 24 (version 21.0)

**Technical justification for classic confinement:**

Cybertection Guardbot is a VPN and antivirus security application that requires classic confinement for the following technical reasons:

1. **VPN Management with pkexec:** The application uses `pkexec` to execute `wg-quick` commands with elevated privileges to configure WireGuard VPN tunnels. Strict confinement blocks the PolicyKit D-Bus communication channel required for pkexec authentication dialogs to function.

2. **Network Interface Control:** The app needs to create and manage the `wg0` network interface via `wg-quick up/down` commands, which requires direct access to the host system’s networking stack and `/etc/wireguard/` configuration files. Strict confinement prevents this level of network control.

3. **System-level Security Monitoring:** The antivirus component needs to scan system files and processes across the entire filesystem, not just within the snap’s confined environment. This requires unrestricted filesystem access to detect malware in user directories and system paths.

**Why strict confinement won’t work:**

We attempted strict confinement with the `network-control` plug, but this is insufficient because:

- `pkexec` requires access to the host’s PolicyKit service over D-Bus

- WireGuard configuration requires write access to `/etc/wireguard/`

- Both are blocked even with `network-control` in strict mode

Version 21.0 (revision 24) has been submitted and is currently rejected pending this classic confinement approval.

Thank you for your consideration.

This request has been added to the queue for review by the @reviewers team.

Disclaimer: I’m not a store reviewer, the following is merely my opinion.

Hate to be that guy but here is some “interesting” information regarding the snap’s “publisher”.

I’d suggest doing a KYC before granting classic confinement to this snap.

Thank you for the review. I understand the need for verification given classic confinement's system-level access.

To address the concerns:

1. **Company:** Cybertection LLC is a legitimate cybersecurity startup based in Stevensville, Maryland, founded in 2024.

2. **GitHub repositories:** Those are proof-of-concept and development repositories for our security tools. The guardbot snap is our production-ready VPN/antivirus application.

3. **Multi-platform presence:** We've published on Google Play (Android), and we're expanding to Linux via Snap Store to provide cross-platform security solutions.

4. **Business verification:** Our website (cybertection.net) includes company contact information, and we're registered as Cybertection LLC.

I'm happy to provide additional verification if needed (business registration documents, domain ownership proof, etc.). We're committed to building legitimate security software and understand the scrutiny required for classic confinement.

What additional information would help with the verification process?

Hi @cybertection-LLC !

Classic confinement is reserved for specific categories, listed here. As ‘cybertection-guardbot’ doesn’t fall into these categories, we cannot approve the request (#reject).

However, if you can provide the specific logs or errors you’re encountering, we can help you look for an alternative solution :slight_smile: