I’ve put together a snap for valgrind, the excellent memory and other things debugging tool. I’m not part of upstream, so will be proposing the snap for adoption into the snapcrafters stable.
I would like to request classic confinement for this snap.
Valgrind is a debug tool which directly runs the program being debugged. This means the snap could need access to any given interface, depending on what is being debugged. For example, debugging vlc might mean access to the alsa, camera, dbus, dvb, framebuffer, network, opengl, x11 and more besides, or debugging “useradd” would presumably need account-control access. Put another way, if the user wants to debug a program that would itself require classic confinement, then classic confinement is needed to do that.
The requirements are understood since this is a debugging tool and needs to run arbitrary commands. That said, we already provide snap run --strace and snap run --gdb, does the snapd team plan to introduce snap run --valgrind? (cc @mvo and @pedronis)
I’m sure you’re already well aware, but I just want to point out that whilst I’m sure it would be very valuable, the potential snap run --valgrind command is a different use case to the everyday development and debugging use case that I feel this snap addresses.
This would get us closer to having the most commonly used developer tools snapped. Given that valgrind must run arbitrary commands to be useful, I presently see no other way to snap it than under classic confinement. I’m a +1.