Classic confinement request for docker-image-save

Hi, snap team!
I would like to request access to classic confinement for my package docker-image-save.
The two applications packaged there client and server have needs I don’t know how to solve without classic confinement. The server one needs access to the host’s docker socket and needs to start a server. The client application needs to have access to the network to talk to external servers and needs access to the local filesystem to save the files it downloads.
This is the repository URL for my application:
Thanks in advance,

It seems like you could use:

confinement: strict
    command: bin/DockerImageSave
    - home
    - removable-media

    command: bin/DockerImageSaveServer
    - network-bind
    - docker

Note that current this would give your server access to the docker snap’s server socket. There is a discussion of how to open that to the docker socket as coming from a deb/rpm here:

1 Like

Thank you for your help. It works almost all of it besides the docker part because I have not installed docker using snap.

well, looks like the docker plug also needs some special permission :frowning:

Well, I settled for only having the client packaged. Manual process for checking takes too long.

It does, but we have a process you can use to request the permission: Process for aliases, auto-connections and tracks

This is a one time request which, assuming it is granted, will allow your snap to use the interface and pass automated review from then on.

1 Like