To make the review of your request easier, please use the following template to provide all the required details and also include any other information that may be relevant.
- name: rclone-ui
- description: A native, cross-platform GUI for
rclone - snapcraft: rclone-ui/snapcraft.yaml at main · rclone-ui/rclone-ui · GitHub
- upstream: GitHub - rclone-ui/rclone-ui: The cross-platform GUI for rclone & S3. · GitHub
- upstream-relation: Creator.
- supported-category: No exact match found, might need senior review.
- reasoning: See below.
I understand that strict confinement is generally preferred over classic.
I’ve tried the existing interfaces to make the snap to work under strict confinement.
Note that snappy-debug can be used to identify possible required interfaces. See docs/debug-snaps for more information.
Hello, I am the creator of Rclone UI and a member of the main/upstream rclone Github org.
I’m requesting classic confinement access to publish the rclone-ui snap.
We have tried sandboxing in the flatpak version but we get many issues due to it and have introduced a message to have the user give full host access in order to operate as expected. This isn’t the best solution, especially for non-techies who expect the app to “just work”.
Reasoning
Rclone UI is a frontend for the rclone CLI tool. It needs classic confinement for two reasons that cannot be satisfied by plugs:
1. Executing the user’s rclone binary
The app locates and executes the user’s existing rclone installation. rclone can be installed in many locations depending on how the user set it up:
-
/usr/bin/rclone(apt/package manager) -
/snap/bin/rclone(snap) -
~/.local/bin/rclone(manual install) -
/usr/local/bin/rclone(rclone’s own installer script) -
Any custom
$PATHlocation
There is no single plug that grants execute access to arbitrary binaries across the filesystem. The personal-files and system-files plugs could cover known paths, but they don’t handle custom installations, and requiring users to reconfigure after installing rclone differently would be a poor experience.
2. Arbitrary filesystem paths access
rclone operates on any directory the user chooses — local backup sources, mount points, external drives, network shares, and paths outside $HOME (e.g. /mnt/data, /media/user/drive). The home and removable-media plugs cover common cases, but far from all valid rclone source/destination paths. Commands like core/disks (or simply listing folders/disks without having the user select them through a native dialog beforhand) would give faulty or incomplete results.
As the core purpose is browsing and moving files between arbitrary locations, restricting filesystem access would fundamentally limit the app’s functionality and what users expect from it.
Alternatives considered
-
Bundling rclone inside the snap: This would solve binary access but not filesystem access. It would also prevent users from using their existing rclone configuration and version, and would require us to keep the bundled version in sync.
-
Strict with personal-files/system-files: Would require enumerating every possible rclone install path and still wouldn’t cover custom locations.
-
Strict with home + removable-media: Covers ~75% of use cases but breaks for users with data on non-standard mount points, which is common for the rclone user base (NAS mounts, custom partitions, etc.).