Dear @review-team,
I’ve made a snap under the name spacedisplay. It contains an app to scan file system and analyze used space, you can find a demo with source here:
My app can run only in classic confinement since it’s primary feature is to scan files on user disk. And it looks like there is no way to give arbitrary access to files in strict mode.
Thanks!
The system-backup interface provides access to the full file-system under the path /var/lib/snapd/rootfs/ - would this be able to be used instead for your snap, then it can hopefully work under strict confinement.
Thank you for the suggestion! This interface helped, with it app is able to scan whole filesystem. Adding mount-observe also allowed to get list of available mounts.
My app allows user to delete files in arbitrary places. When I added interface system-files with write: /var/lib/snapd/hostfs, I was able to delete files that user owns. But if I run snap with sudo, I’m not able to delete any files (both that were created by normal user or by root). This is a serious downside to using strict confinement. Running my app with sudo is a normal operation since it allows to scan more files. For example system logs might take a lot of place and be protected and unavailable for scan to normal user. And not able to delete them from inside app is unfortunate.
If this can’t be fixed inside strict confinement can I get access to classic?
Unfortunately whilst your snap may have a requirement to use classic confinement (ie the ability to access and modify arbitrary files on the host system), I am not sure it fits within one of the supported categories - can you please refer to Process for reviewing classic confinement snaps and help me understand if it does fit within one of the existing categories?
Also from the general discription of the app at https://github.com/funbiscuit/spacedisplay it seems like it is more focussed on just needing read access rather than write - in which case, I expect the majority of the usecases for this snap would be met via strict confinement with system-backup and mount-observe.
I think closest category would be a file explorer/file manager, but there is no such category in that list. How would someone upload a snap for a general file explorer like Dolphin? I tried to find any snaps that work like file explorers and found none (except IDEs).
Yes unfortunately this (file managers) is not a currently supported category for classic confinement, and only snapd architects (@pedronis and @niemeyer) can make new such categories. Can either of you comment on whether it would be appropriate to add such a new category for classic confinement? Thanks.
Hi!
I’m not a reviewer or anything, but I just saw your snap and it looks really cool.
I just wanted to congratulate you on making such a cool app - I can’t wait to see it accepted in the store, and I can’t wait to use it.
I can see a lot of effort went into this, great work!
Thank you for making the amazing snap,
foss-for-the-win
P.s. rust - yay! It’s one of my favourite languages and I really enjoy seeing apps like yours that make great use of it.
Thanks a lot!
It might not be accepted for reasons above (requiring classic confinement). So don’t wait, install a prebuilt binary from releases page or just install via cargo (check readme in repository, it has instructions)
Hello @funbiscuit
Apologies for the delay in responding to this, we have had several discussions about snaps such as this, and the criteria for classic confinement. The result is still that your snap does not meet one of the existing categories for classic confinement, and as such I will reject this request. The existing categories have been created with careful consideration and it is just a case that this type of application does not align with the goals of confinement.
With system-backup and mount-observe you still have read access that allows the core functionality, and it might be less than ideal, but using the home interface would allow for users to delete files in their home directory.
