Classic confinement request: softhub


  • name: softhub
  • description: The app is a launcher used by clients of our organization to download our products. We do soft to control mobile robotics and a simulator for mobile robotics.
  • snapcraft: PRIVATE — snapcraft.yaml available to reviewers upon request.
  • upstream: PRIVATE
  • upstream-relation: maintainer (Soft V LLC)
  • supported-category: probably “tools for local, non-root user driven configuration of/switching to development workspaces/environments” but not sure
  • reasoning:
    • Clients can run our products using the launcher and also kill the running processes of our apps. An app (for example, the simulator) could also be run without the launcher, but the launcher still requires the possibility to kill the process of the simulator;
    • The launcher is a part of our licensing process. We license our apps using hardware information like processor ID, MAC address, etc.;
    • The launcher allows clients to choose a directory in which they want to install an app without requiring ‘sudo’. For now, as far as I can see, even the ‘/home/user’ folder is under restrictions;
    • Probably there are more reasons but I’m not sure for now.

I understand that strict confinement is generally preferred over classic.

I’ve tried the existing interfaces to make the snap work under strict confinement.

Thank you for your consideration.

This request has been added to the queue for review by the @reviewers team.

Hello @crackanddie !

I am not sure this application falls under one of the supported categories for classic confinement. Based on the reasoning provided, here are a few suggested workarounds to help you achieve strict confinement:

  • Process Management: To allow your launcher to manage or kill other processes (like the simulator), the process-control interface is the standard solution for this.

  • Directory Access: While the home directory is restricted by default, using the home interface usually provides sufficient access for installing applications without requiring sudo.

  • Licensing: You mentioned using Processor IDs and MAC addresses for licensing. Before considering classic confinement, I recommend testing the hardware-observe or system-observe interfaces, which may provide the necessary read access to system information.

If you need further assistance, feel free to ping us :slightly_smiling_face:
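
The interfaces suggested in the reply above, as they would be declared in a strictly confined snapcraft.yaml. This is an added example, not the project's private snapcraft.yaml: the base, version, summary, command path, parts section and the `network` plug are assumptions made for illustration.

```yaml
# Constructed example: only the snap name and the four interfaces
# (process-control, home, hardware-observe, system-observe) come from the thread.
name: softhub
base: core22                # assumption
version: '0.1'              # placeholder
summary: Launcher for downloading and running our products   # placeholder
description: |
  Launcher used by clients to download, start and stop our products.
grade: stable
confinement: strict         # instead of "confinement: classic"

apps:
  softhub:
    command: bin/softhub    # hypothetical path inside the snap
    plugs:
      # Assumption: the launcher downloads products, so it needs network access.
      - network
      # Lets the launcher signal (e.g. kill) processes it did not start,
      # such as a simulator launched outside the launcher.
      - process-control
      # Non-hidden files under the user's home directory, so an install
      # directory can be chosen without sudo.
      - home
      # Read-only views of hardware and system information, to be tested
      # for the processor ID / MAC address licensing check.
      - hardware-observe
      - system-observe

parts:
  softhub:
    plugin: dump            # assumption: prebuilt launcher files copied as-is
    source: .

# After installing a locally built snap, interfaces that are not auto-connected
# have to be connected by hand before testing:
#   sudo snap connect softhub:process-control
#   sudo snap connect softhub:hardware-observe
#   sudo snap connect softhub:system-observe
#   snap connections softhub     # lists which plugs are actually connected
```

Each plug widens what the confined launcher can reach, so it is worth testing them one at a time and keeping only those the licensing and process-management features actually need.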