Classic confinement request for Portfall

Portfall allows the user to choose any path for their kubernetes config + the issues described here Classic confinement for kontena-lens. https://github.com/rekon-oss/portfall

@reubenestd - this request lacks sufficient detail to proceed. Can you describe your application, typical use cases and the precise reasons why you require classic confinement?

@reubenestd I am removing this request from our queue but will re-add it if you can provide the requested information.

Portfall is a GUI on top of kubernetes port-forwarding. The user can select an arbitrary file to use as the kubeconfig file which is then loaded to access the cluster. During this loading other auth files may be loaded which may also be in arbitrary locations on the filesystem. This is the bit that I believe requires classic confinement.

Once the kubernetes client is validated, a port is chosen for each website in the chosen namespaces using localhost:0 to find an available port.

Here’s a gif showing it in action.

I have added the requested information, please let me know if anything else is needed!

Are these configs commonly stored in ~/.kube? If so the personal-files interface can be used to access this path under strict confinement - this would seem most appropriate from what I can see.

In addition to ~/.kube and use of personal-files, there is also the home interface. There are several snaps in the store that use personal-files with ~/.kube. @reubenestd - did you have a chance to try? (This request cannot proceed without the requested information)

@reubenestd I am removing this request from our internal queue for now - when you can provide the requested info I can re-add it again. Thanks.