Classic Confinement Request for Xcasca

name: xcasca

description: Xcasca is a lightweight cross-platform SSH & SFTP Client. With a simple but comprehensive UI, Xcasca gives you a pure terminal emulation experience.

snapcraft: The app uses electron-builder to automatically generate the yaml file. The rest of the information is manually edited in the snapcraft console.

upstream: Private

upstream-relation: The requestor and the author of this app are the same person.

supported-category: Terminal emulators, multiplexers and shells

reasoning: Our app accesses external processes to use Agent forwarding during SSH/SFTP connections, or accesses local directories to read/write files after SFTP connections, so we need to access files outside of the sandbox.

I understand that strict confinement is generally preferred over classic.

I’ve tried the existing interfaces to make the snap to work under strict confinement.

This request has been added to the queue for review by the @reviewers team.

Classic confinement is usually not just achieved by flicking the switch in your snapcraft.yaml and be done, usually it takes weeks if not months of snapcraft.yaml fine tuning, (binary) patching the libraries you use and applying the correct layouts to make sure the two environments (inside and outside of the snap) do not leak into each other.

Given the history of electron-builder (it is great for very simple projects that do not require any tweaks of the snapcraft.yaml but badly fails as soon as you need to change something when you have to do any adjustments), I wonder how you managed to make sure classic confinement really works safely …

Have you read and followed the hints in the developer documentation ?:

If you did not, how exactly do you make sure your snap runs the very same way on all distros you install it on ? (even classic snaps need to behave the same when installed on gentoo as well as on OpenSuse, debian, fedora, Arch … that requires to make sure no libs from the outside are being used at runtime to spawn your app)

While your snap seems to match the proper category, I simply can not imagine that electron-builder is a suitable way of getting all the bits and pieces sorted for a classic snap unless your app is 100% static and does not ship any stage libraries …

Thank you for your detailed concerns regarding classic confinement and its implementation in our snap, Xcasca. I’d like to address how we’ve approached this to ensure a safe and consistent experience across distributions, including Gentoo, openSUSE, Debian, Fedora, and Arch, while transitioning from our existing app, PortX (available at Install portx on Linux | Snap Store), to Xcasca.

Xcasca is a lightweight, cross-platform SSH and SFTP client with a straightforward terminal emulation focus, which keeps its requirements relatively simple compared to more complex applications. This simplicity has allowed us to leverage electron-builder effectively without the need for extensive snapcraft.yaml fine-tuning or binary patching.

While electron-builder is known to work best for simpler projects, Xcasca’s architecture aligns well with this. The application is primarily a self-contained Electron-based app, bundling its dependencies (e.g., Node modules and required system libraries) within the snap. We use electron-builder to generate the initial snapcraft.yaml, which we then manually refine in the Snapcraft console to ensure compatibility and proper configuration for classic confinement. This approach has worked seamlessly, as Xcasca does not require complex interactions with external system resources beyond what’s necessary for SSH/SFTP and terminal emulation.

Our experience maintaining PortX has been instrumental. PortX, which also uses classic confinement, has not encountered issues with local shell access or file transfer features (e.g., SFTP). We’ve applied the same principles to Xcasca, ensuring that the snap’s environment is properly isolated and that file system access for SSH/SFTP operations is handled within the snap’s boundaries. The transition from PortX to Xcasca has been smooth, as both apps share a similar architecture, and we’ve reused proven configurations from PortX to avoid common pitfalls.

In summary, Xcasca’s simplicity as a terminal emulator and SSH/SFTP client means it doesn’t require the complex adjustments that more resource-intensive applications might need. By leveraging electron-builder’s snap support, carefully configuring the snapcraft.yaml, and drawing on our successful experience with PortX, we’ve ensured that Xcasca’s classic confinement is both safe and consistent across Linux distributions. We’re confident that this approach avoids the pitfalls you’ve highlighted, and we’ll continue to monitor and refine the snap as we phase out PortX. If you have specific concerns or scenarios you’d like us to address, we’re happy to dive deeper!

Hi,

I wanted to kindly follow up regarding my previous message about the implementation of classic confinement in Xcasca and our approach for a secure experience across distributions. We haven’t yet received any feedback or response, and we’re eager to address any outstanding concerns or answer specific questions to ensure the confinement review process proceeds smoothly.

If you need more information or have particular scenarios you’d like us to clarify—especially regarding security boundaries, user workflows, or configuration details—please let us know. Your review and feedback are crucial for our Xcasca release, and we’re keen to make any necessary adjustments to guarantee compliance and user safety.

Thank you in advance for your attention to this matter, and I look forward to your response.

@ogra Hi, I was wondering if there are any updates on this.