Classic confinement request for the WoeUSB snap

Dear @reviewers, @advocacy team, and snappy @architects,

I would like to request classic confinement for my WoeUSB snap according to the process for reviewing classic confinement snaps.

WoeUSB is a Microsoft Windows installation media preparer utility, source: https://github.com/WoeUSB/WoeUSB

I am the current application’s project maintainer and wishes to distribute the application via snaps due to its command-line application friendliness and integrated automatic upgrade mechanism.

This application is essentially a standalone GNU Bash script, which is supposed to be run as the superuser in its intended purposes.

Reasonings

Requires using the mount command to mount file systems

This application requires the mount command to mount filesystems on a Windows installation media and a certain partition on the user’s USB key, which is not usable in strict confinement even when the command is available via stage-packages.

While the udisks2 interface looks promising, it requires rewriting the file system handling logic which may not be feasible ATM.

Requires other superuser permissions

Aside from the filesystem mounting task, WoeUSB also needs root-like permissions to do things like re-partitioning a disk and installing the GRUB bootloader stage * bootstrap code (rawly) to the storage device, these may be achievable by using the block-devices interface, though.

Thanks in advance!

1 Like

What denials do you see when this application is run in devmode? Have you tried using the udisks2 plug at all? Note that udisks2 allows using mount from the base snap of the application.

@Lin-Buo-Ren ping, can you please provide the requested information? I also feel that using udisks2 and block-devices may allow woeusb to operate under strict confinement.