Classic confinement request: syncplay


#1

Syncplay is an open source software that synchronises the position and play state of multiple media players so that the viewers can watch the same thing at the same time. See https://syncplay.pl and https://github.com/Syncplay/syncplay for further information.

We are working on releasing the next version of Syncplay on the snap store, and we already have a working test snap, but we deemed that the classic confinement is needed by our software. Specifically, we need to interact with media player binaries installed in the user system (e.g mpv or vlc, typically located in /usr/bin/).

For this reason, we would like to request a permission to use the classic confinement for the upcoming syncplay snap.


#2

Looking at the website it appears there is some sort of network coordinate where syncplay will drive various playback options via the command line of various media players. I don’t see a path forward for this application wrt strict confinement unless we required use of mpris or some other protocol. Does syncplay support driving applications via mpris?

That said, the idea of having a network server that takes input from over the internet to run arbitrary commands is pretty scary and something that would benefit greatly from strict confinement. @pedronis - this is a new class of classic application, can you weigh in?


#3

Thank you for considering classic confinement for Syncplay, which is an open source project with over 2,000 weekly active users that has been actively maintained and developed over the past seven years.

Syncplay does not take input from over the internet to run arbitrary commands.

As noted at https://syncplay.pl/about/syncplay/ what can be controlled is strictly limited to the following:

  • Current position (seek commands).
  • Current play state (pause and unpause commands).
  • Currently playing file if shared playlists are enabled (only opens files located in user-specified media directories or on whitelisted websites)

The following aspects of the media player are affected, but not controlled, by the server:

  • OSD / On-screen display (for the display of messages).
  • Playback rate (for slowdown due to time difference).

In answer to your query, Syncplay was not designed to be used with mpris. We have not limited our supported media players (VLC, mpv, MPC-HC, MPC-Be) or supported operating systems (Windows, Linux, *BSD, macOS) to those which work with mpris. Furthermore, in terms of features we have worked with the developers of those media players to make the most of the functionality of each media player to provide the best user experience

As such, I hope that Syncplay can be granted permission for classic confinement as it is necessary for the operation of the software.


#4

I meant arbitrary in terms of what is allowed by the confinement and the system. Syncplay obviously isn’t designed for that specifically, but classic confinement grants this to the snap so a flaw in syncplay would mean there is nothing to stop this.


#5

@pedronis - gentle ping so it doesn’t fall off your radar (I know you’re sprinting this week).


#6

Yes, it’s definitely problematic that combination of classic and control over network.

I assume this is using the players’ commands as clients to their player/server part?

What kind of access would be needed if those would be embedded in the snap? some dbus/socket access?