Classic confinement request: pearpass

  • name: PearPass

  • description: A fully local, open-source password manager.

  • snapcraft: TBD

  • upstream: GitHub - tetherto/pearpass-app-desktop: PearPass is an open-source, privacy-first password manager with peer-to-peer syncing and end-to-end encryption.

  • upstream-relation: Author

  • supported-category: Other (Desktop Integration / Native Messaging Host)

  • reasoning: PearPass requires classic confinement to facilitate communication between the desktop application and various web browsers (Chrome, Firefox, Brave, etc.) through the Native Messaging protocol. Technical blockers under strict confinement include:

    • Native Messaging Host Discovery: Browsers expect Native Messaging JSON manifests to be located in specific, hard-coded system directories. Strict confinement restricts the snap to its own internal directories, preventing browsers from discovering and communicating with the PearPass binary.
    • Binary Execution by Host Processes: The Native Messaging protocol requires the browser (a host-level process or another snap) to execute the PearPass binary directly. Strict confinement’s mount namespace prevents external processes from accessing and executing the binary located within the snap’s private filesystem.
    • Local IPC and Socket Constraints: To maintain a “cloud-free” architecture, PearPass relies on local Unix sockets and IPC for pairing the desktop vault with the browser extension. Internal testing confirms that strict confinement prevents the creation and sharing of these socket files across the sandbox boundary, which is essential for the “local-only” data sovereignty model we provide to users.
    • Electron Runtime Requirements: As an Electron-based application serving as a system-wide utility, the application requires access to system resources and the ability to spawn processes that cannot be effectively bridged using existing strict interfaces (like desktop or desktop-legacy) without breaking the core pairing functionality.
  • I understand that strict confinement is generally preferred over classic.

  • I’ve tried the existing interfaces to make the snap to work under strict confinement.

This request has been added to the queue for review by the @reviewers team.

There are plenty of password managers in the store that run fine with strict confinement using native messaging through a system-files interface; as an example, please see the keepassxc snapcraft.yaml:

There is no need for classic confinement for this feature (and there is also no category in the supported set at Process for reviewing classic confinement snaps (which is a mandatory requirement for even getting considered for classic confinement))

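The Native Messaging exchange both posts refer to, as an added Python example (not PearPass or KeePassXC code): a host-side reader and writer for the browser's length-prefixed stdio frames that enforces the 1 MiB message cap before any allocation, plus a builder for the Chromium-style host manifest. The host name, binary path and extension id are placeholders.

```python
import io, json, re, struct

# 1 MiB is the browsers' cap on a host->browser message; applied to inbound frames too as a defensive choice.
MAX_MESSAGE = 1024 * 1024
# Chromium host-name rule: lowercase alphanumerics, underscores and dots, no leading/trailing/double dots.
HOST_NAME_RE = re.compile(r"^[a-z0-9_]+(\.[a-z0-9_]+)*$")

def encode_message(obj):
    # One frame = 4-byte native-endian length prefix + UTF-8 JSON body.
    body = json.dumps(obj, separators=(",", ":")).encode("utf-8")
    if len(body) > MAX_MESSAGE:
        raise ValueError("message exceeds the 1 MiB native messaging limit")
    return struct.pack("=I", len(body)) + body

def read_message(stream, limit=MAX_MESSAGE):
    # Returns None at clean EOF; raises ValueError on a truncated or oversized frame.
    header = stream.read(4)
    if not header:
        return None
    if len(header) != 4:
        raise ValueError("truncated length prefix")
    (length,) = struct.unpack("=I", header)
    if length > limit:  # checked before the body is read, so a bogus length cannot force a huge allocation
        raise ValueError(f"frame of {length} bytes exceeds limit of {limit}")
    body = stream.read(length)
    if len(body) != length:
        raise ValueError("truncated frame body")
    return json.loads(body.decode("utf-8"))

def decode_stream(raw):
    # Parse every frame in a byte string, as a host draining stdin would.
    stream, out = io.BytesIO(raw), []
    while (msg := read_message(stream)) is not None:
        out.append(msg)
    return out

def frame_rejected(raw):
    # True if decode_stream refuses the bytes (oversized or truncated frame).
    try:
        decode_stream(raw)
        return False
    except ValueError:
        return True

def chrome_manifest(host_name, host_path, extension_id):
    # Manifest a Chromium-family browser loads from its NativeMessagingHosts directory; "path" must be
    # absolute and executable by the browser process, which is the discovery/execution problem above.
    if not HOST_NAME_RE.match(host_name) or not host_path.startswith("/"):
        raise ValueError("host name must match Chromium's rules and path must be absolute")
    return {"name": host_name, "description": "browser bridge (placeholder)", "path": host_path,
            "type": "stdio", "allowed_origins": [f"chrome-extension://{extension_id}/"]}
```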

Hello @chetas.murali!

As @ogra explained the snap is not a good candidate for classic (#reject).

If you need any further assistance feel free to reach out :slight_smile:


Hi team,

Thanks a lot for the feedback. We will get back to the drawing board for this, and reach out for any questions.

Cheers!