Classic confinement request for the go-mtpfs(was: go-mtpfs-brlin) snap

Dear @reviewers, advocacy team and snappy architects,

I would like to request classic confinement for my snap go-mtpfs (was: go-mtpfs-brlin) according to the process for reviewing classic confinement snaps.

Recipe source:


Requires unprivileged fuse mounts capability

This snap is a fuse filesystem driver, the common use case is to mount phone or tablet’s internal storage to user-defined location (like ~/Mountpoints/My phone). As the fuse-support interface currently doesn’t support unprivileged fuse mounts and only support mounting under SNAP_* it is not possible to fulfill the requirement.

As a result, the snap is not likely to be strictly confined for now and requires classic confinement.
Thanks in advance!

In I discussed the next steps if there was ever a case for a fuse-control interface. It seems like there is now and I would much prefer implementing that instead of granting applications classic.

I’ll put it on my todo and will try to get this in for 2.37, however, if you wanted to take a crack at updating snapd, the security policy is laid out in the above url.

1 Like