Tried to install an app with classic confinement using software center and it failed with the error
Then I tried to install it through CLI and received the error bellow
error: This revision of snap "vscode" was published using classic confinement
and thus may perform arbitrary system changes outside of the security
sandbox that snaps are usually confined to, which may put your system at
`If you understand and want to proceed repeat the command including --classic.`
And worked with the --classic confinement to be installed.
Since Software centre facilitates installation of snap apps shouldn’t it be possible to check auto select the confinement type selected on the app and install it, without needing to be through CLI?
classic confinement means “no security at all, the app has full access to everything” (its like one of these self contained tarballs you’d install to /opt, just with a proper update/rollback mechanism)
so you need at least some (popup ?) notification for the user to know about the risk i guess …
Yes I know, but shouldn’t at least for installation through store at least appear a warning asking if you want to proceed and not just and the installation, since the app was confined with classic?
Yes, that is what i meant with “some notification”, gnome-software should show a popup or something in (or next to) the description should point out that this is an insecure snap …
Yes, should I open a bug report on Launchpad? Or it can be handled through this post?
Open a bug report on Launchpad (if there isn’t one already - if there is one then mark yourself as affected by that) so the desktop team have a tracker for it (they may know it’s an issue already but no harm in filing!)
@robert.ancell maintains the gnome-software changes, i’m not sure if something like the above is already planned … (but i guess he can tell us now that i pinged him )
See Behaviour for installing classic, devmode and unsigned snaps in a GUI for discussion about the classic confinement support in GNOME Software.