Docker permissions for Commandeer app

Hi there, pushing a new version of Commandeer - developer productivity app for the cloud. The recent version 1.2 got rejected since we added Docker permissions. Which we need to power Docker UI we have in Commandeer which pulls images, shows containers, networks and volumes. The store reviewer rejected the build and asked to create this forum thread with store-requests label.

Is there a way we can get this approved by any chance?


The docker interface is not typically auto-connected - since this is a privileged interface. I also note the snap plugs the docker-support interface - is this because you are shipping docker inside your snap? If this is the case, instead it would be better to use the docker snap directly for this via something like the following (see Snap that deploy a Docker image for an example of a similar request in the past) :

    content: docker-executables
    default-provider: docker
    interface: content
    target: docker-env

Also we do not normally grant auto-connect of the docker interface since that essentially grants device ownership to the snap - instead we can grant use of the interface and then this has to be manually connected by the user. However, if you feel this should be auto-connected as well (since perhaps the use of docker is a primary function of Commandeer) then we can look into publisher vetting (as is done for granting classic confinement).

Thanks @alexmurray, we only need the access to Docker socket to manage Docker from Commandeer. Looks like we don’t need docker-support based on the post linked in your message and I can just remove it. I’ll resubmit the app shortly without the docker-support interface.

That being said, having Docker interface auto connected will be ideal. Because not only it’s required for the Docker section of Commandeer it also powers the rest of the infrastructure tools in Commandeer which is a significant portion of the app.

Would it be possible to have Docker interface auto-connected for Commandeer?