Docker permissions for Commandeer app

Hi there, we are pushing a new version of Commandeer, a developer productivity app for the cloud. The recent version 1.2 got rejected since we added Docker permissions, which we need to power the Docker UI we have in Commandeer, which pulls images and shows containers, networks and volumes. The store reviewer rejected the build and asked us to create this forum thread with the store-requests label.

Is there a way we can get this approved by any chance?

Thanks,
Alex

The docker interface is not typically auto-connected, since this is a privileged interface. I also note the snap plugs the docker-support interface - is this because you are shipping docker inside your snap? If this is the case, it would instead be better to use the docker snap directly for this via something like the following (see Snap that deploy a Docker image for an example of a similar request in the past):

plugs:
  docker-executables:
    content: docker-executables
    default-provider: docker
    interface: content
    target: docker-env

Also we do not normally grant auto-connect of the docker interface since that essentially grants device ownership to the snap - instead we can grant use of the interface and then this has to be manually connected by the user. However, if you feel this should be auto-connected as well (since perhaps the use of docker is a primary function of Commandeer) then we can look into publisher vetting (as is done for granting classic confinement).
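An added example, not part of the thread or of Commandeer: one way for an administrator to see which snaps hold the privileged docker or docker-support plugs and whether each was connected manually or automatically. It assumes the four-column layout printed by `snap connections`; the sample rows and the snap name `othersnap` are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `snap connections --all`-style output for the
# privileged docker and docker-support interfaces discussed in the thread.

# Constructed sample in the column layout of `snap connections`
# (Interface, Plug, Slot, Notes); not captured from a real system.
# `othersnap` is a hypothetical snap name.
SAMPLE='Interface       Plug                           Slot                       Notes
content         commandeer:docker-executables  docker:docker-executables  -
docker          commandeer:docker              docker:docker-daemon       manual
docker-support  docker:docker-support          :docker-support            -
docker          othersnap:docker               -                          -
network         commandeer:network             :network                   -'

# Reads connection rows on stdin and prints one line per docker or
# docker-support plug: "<snap> <interface> <state>", where state is
#   unconnected  plug declared but no slot attached
#   manual       connected by the user with `snap connect`
#   auto         connected without user action (store-granted auto-connect)
audit_docker_plugs() {
    awk 'NR > 1 && ($1 == "docker" || $1 == "docker-support") {
        split($2, plug, ":")
        if ($3 == "-")           state = "unconnected"
        else if ($4 ~ /manual/)  state = "manual"
        else                     state = "auto"
        print plug[1], $1, state
    }'
}

# On a real host: snap connections --all | audit_docker_plugs
printf '%s\n' "$SAMPLE" | audit_docker_plugs
```

Rows reported as `auto` are the ones that received the store-side grant the thread is voting on; `manual` rows were connected by the user.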

Thanks @alexmurray, we only need the access to Docker socket to manage Docker from Commandeer. Looks like we don’t need docker-support based on the post linked in your message and I can just remove it. I’ll resubmit the app shortly without the docker-support interface.

That being said, having the Docker interface auto-connected will be ideal, because not only is it required for the Docker section of Commandeer, it also powers the rest of the infrastructure tools in Commandeer, which is a significant portion of the app.

Would it be possible to have Docker interface auto-connected for Commandeer?

Can you provide a link to upstream documentation on the feature set? Is docker functionality core functionality for Commandeer? How is the functionality discoverable by the user?

Hi @jdstrand, sure thing, will be happy to do so.

> Can you provide a link to upstream documentation on the feature set?

Here is the documentation for [Docker Compose Runner]. There is also more documentation on how Commandeer uses Docker, which you can browse using the side navigation in the Docker section.

> Is docker functionality core functionality for Commandeer?

Yes, we use Docker for the core functionality of Commandeer for managing Docker itself from the Commandeer UI. Also, our IaC runners, like Ansible Runner, CircleCI Runner and Serverless Runner, all use Docker under the hood to run. All of this is Commandeer’s core functionality.

> How is the functionality discoverable by the user?

We have all services listed in the side navigation in the Commandeer app. The user clicks on each service, like Docker itself, which opens the service UI.

Let me know if you have any further questions. Would love to get Docker interface auto connected for some great user experience on Ubuntu.

Thanks for the additional information.

+1 for use of and auto-connection for the docker interface for this snap.

@reviewers - can others please vote (once the votes are tallied and assuming the vote is in the affirmative, we can ask the advocacy team to perform the vetting).

Thanks @jdstrand, it would be fantastic to get it into this upcoming release. Let us know if you need any help or additional info.

+1 from me too for use of and auto-connect of docker for commandeer.

+2 votes for, 0 votes against. @advocacy, can you please perform publisher vetting?

Great, thanks @alexmurray. We just pushed a new version of Commandeer (1.3). It’s currently in manual review. Let me know if we need to do anything special to go through the review this time around.

+1 from me as well, and I’ve also verified the publisher.

+3 votes for, 0 votes against. This is now live.

Awesome! Thank you very much :+1: