Your snap is currently failing review rev 12 because of the etc-lvm-backup system-files interface which is requesting read access to the following:
/dev
/sys/devices
/etc/lvm/backup
/sbin
Could you please be more specific about why you need read access to all of /dev please? It would be much easier for us to grant access to some specific paths in /dev rather than all of it.
/etc/lvm/backup is understandable.
/sbin read access: are you able to explain why you need this access? It is not ungrantable, we would just like to understand what the need is.
/sys/devices/ can you please explain why you need read access to all of this? As per /dev, if this can be limited somewhat that makes it easier to justify and grant.
/dev : to read format information (LUKS/RAID/LVM/MBR/GPT) of device
/sys/devices : to find block devices
/sbin : to find which FS is supported
/etc/lvm/backup : to read/backup lvm setting
There are plenty of existing interfaces that can give you this information without granting your app access to things like /dev/tpm to read secure boot keys or access to /dev/input for starting keylogging to sniff password input… have you used snappy-debug to get proper interface suggestions for the access your app needs?
Either hardware-observe or system-observe should give you that info… snappy-debug should have suggested these to you…
That won’t tell you anything about supported file systems, only about what tools were installed (potentially even as a dependency of some other random app that will never make use of these tools)… to find supported file systems you should simply read /proc/filesystems…
/etc/lvm read access via a system-files interface makes sense though
Hi ogra,
Thanks for replying to me time and again.
Let’s discuss one by one
The /sbin:
to ENUMERATE mkfs.* to get the types of fs that can be formatted in the current OS.
There is no other method to do it.
Err, nope, that will only tell you about the tools installed (which could simply have happened by some random and unrelated dependency) but nothing about the fact if they are usable at all, since there is zero relation between having these tools and the kernel actually supporting these filesystems …
The only reliable way to find which filesystems are actually supported is to ask the kernel by parsing the content of /proc/filesystems… (you could then on top of this check if the matching tools are installed to format them but your base of information should really be the kernel, not some randomly installed tool)
In fact we need to know what fs are supported by the OS and what fs can be formatted by a tool.
So after getting the supported fs from /proc/filesystems we still need to know what tools are installed…
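
The two-step check discussed in this thread (take the filesystem list from /proc/filesystems first, then see which of those also have a matching mkfs.* tool), as an added example that is not code from any of the posters or from the snap under review. The function names and the directories passed in are assumptions, and the sample data in demo_constructed is constructed.

```shell
#!/bin/sh
# Added example: the kernel is the base of information, tools are checked on top.

# kernel_block_filesystems FILE
# Print the filesystems in a /proc/filesystems-format FILE that need a
# block device, i.e. lines that carry no "nodev" flag in the first column.
kernel_block_filesystems() {
    awk 'NF == 1 { print $1 }' "$1" | sort -u
}

# formattable_filesystems FILE DIR...
# Print the kernel-registered block filesystems for which an executable
# mkfs.<type> exists in one of the given DIRs (hypothetical helper).
formattable_filesystems() {
    procfile=$1
    shift
    kernel_block_filesystems "$procfile" | while read -r fs; do
        for dir in "$@"; do
            if [ -x "$dir/mkfs.$fs" ]; then
                echo "$fs"
                break
            fi
        done
    done
}

# demo_constructed: run the check on constructed input so it works offline.
demo_constructed() {
    tmp=$(mktemp -d) || return 1
    # Constructed stand-in for /proc/filesystems.
    printf 'nodev\tsysfs\nnodev\tproc\n\text4\n\tvfat\n\tfuseblk\n' > "$tmp/filesystems"
    mkdir "$tmp/sbin"
    # mkfs.xfs is present, but xfs is not registered with the kernel,
    # so it must not be reported.
    for t in ext4 vfat xfs; do
        : > "$tmp/sbin/mkfs.$t"
        chmod +x "$tmp/sbin/mkfs.$t"
    done
    formattable_filesystems "$tmp/filesystems" "$tmp/sbin"
    rm -rf "$tmp"
}

demo_constructed
```

On a real system the call would be `formattable_filesystems /proc/filesystems /sbin /usr/sbin`. /proc/filesystems lists only the filesystems currently registered with the kernel, so a filesystem built as a module that is not loaded yet will not appear.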