Hi, snap team!
I would like to request access to classic confinement for my package docker-image-save.
The two applications packaged there client and server have needs I don’t know how to solve without classic confinement. The server one needs access to the host’s docker socket and needs to start a server. The client application needs to have access to the network to talk to external servers and needs access to the local filesystem to save the files it downloads.
This is the repository URL for my application: https://github.com/jadolg/DockerImageSave
Thanks in advance,
Jorge
It seems like you could use:
confinement: strict
apps:
docker-image-save:
command: bin/DockerImageSave
plugs:
- home
- removable-media
docker-image-save-server:
command: bin/DockerImageSaveServer
plugs:
- network-bind
- docker
Note that current this would give your server access to the docker snap’s server socket. There is a discussion of how to open that to the docker socket as coming from a deb/rpm here: https://github.com/snapcore/snapd/pull/8789
1 Like
Thank you for your help. It works almost all of it besides the docker part because I have not installed docker using snap.
well, looks like the docker plug also needs some special permission 
Well, I settled for only having the client packaged. Manual process for checking takes too long.
It does, but we have a process you can use to request the permission: Process for aliases, auto-connections and tracks
This is a one time request which, assuming it is granted, will allow your snap to use the interface and pass automated review from then on.
1 Like