Classic confinement request for the WoeUSB snap

Dear @reviewers, @advocacy team, and snappy @architects,

I would like to request classic confinement for my WoeUSB snap according to the process for reviewing classic confinement snaps.

WoeUSB is a Microsoft Windows installation media preparer utility, source: https://github.com/WoeUSB/WoeUSB

I am the current application’s project maintainer and wishes to distribute the application via snaps due to its command-line application friendliness and integrated automatic upgrade mechanism.

This application is essentially a standalone GNU Bash script, which is supposed to be run as the superuser in its intended purposes.

Reasonings

Requires using the mount command to mount file systems

This application requires the mount command to mount filesystems on a Windows installation media and a certain partition on the user’s USB key, which is not usable in strict confinement even when the command is available via stage-packages.

While the udisks2 interface looks promising, it requires rewriting the file system handling logic which may not be feasible ATM.

Requires other superuser permissions

Aside from the filesystem mounting task, WoeUSB also needs root-like permissions to do things like re-partitioning a disk and installing the GRUB bootloader stage * bootstrap code (rawly) to the storage device, these may be achievable by using the block-devices interface, though.

Thanks in advance!

What denials do you see when this application is run in devmode? Have you tried using the udisks2 plug at all? Note that udisks2 allows using mount from the base snap of the application.

@Lin-Buo-Ren ping, can you please provide the requested information? I also feel that using udisks2 and block-devices may allow woeusb to operate under strict confinement.

@Lin-Buo-Ren - ping, this request cannot proceed without the requested information?

Apologies for the ignorance, I’m currently in the process of refactoring the code to be more snap-friendly.

@alexmurray @pfsmorigo

Apologies for the ignorance, I’m currently in the process of making WoeUSB more snap-friendly and is currently unable to give an answer.

Unfortunately the graphical interface is unmaintained and thus stripped out from the WoeUSB package. We welcome patches to make it on Flathub, though .

No worries @Lin-Buo-Ren, in case you are not familiar with it, snappy-debug is very helpful during troubleshooting. It will recommend missing interfaces based on the behavior it observes in your snap.

Feel free to paste the output here or ask further question as needed.

@Lin-Buo-Ren since you are reworking woeusb, I will remove this request from our queue for now, but if you feel this is still required in the future please let us know and we can re-evaluate it then. Thanks.