I need to use 'classic' confinement for Linux Search Everything

The application is a file browser. It was generated using the electron framework and the electron builder library. NodeJs features like path, os, fs, child_process and worker_threads are used. Therefore, this application needs the permission to read the file system to perform a search for files matching the parameters of a given filter. Also the application needs to execute shell commands like: which, zip, etc to open a given path of a file and so on. I request to upload a version using classic confinement to have the permission described above.

So if your snap doesn’t require the ability to modify files, only to read them, then you can use the system-backup interface with strict confinement which grants it read access to the entire file-system (but then this is located under /var/lib/snapd/hostfs rather than just / so you would have to translate paths accordingly).

Your snap can also ship all the required commands like which, zip etc via stage-packages then it will be able to execute these under strict confinement as well.

So it is possible that classic confinement is not required - can you please investigate these options?

@jalejandroc2928 ping, can you please provide the requested information?

@jalejandroc2928 - ping, this request cannot proceed without the requested information

@jalejandroc2928 - since we’ve not heard back from you, we are removing this request from our review queue. When you have more time to respond, simply do so here and we can add the request back to the queue. Thanks!

The problem it’s that for me is no so clear what I have to do, I just have created the request, put the images and explain what the app need for it’s correct behavior. And what I understood it needs classic confinement. I don’t know what else I have to explain for the acceptance

@jalejandroc2928 hey, did you have the chance to explore the alternatives provided by @alexmurray in a previous post?

Please remember that classic confinement snaps run without restrictions, and thus use of classic effectively grants device ownership to the snap.

I will do it and let you know. Best regards

1 Like

Hi @jalejandroc2928! Could you make any progress on analyzing alternatives that allow Linux Search Everything to stay under strict confinement?

Thanks!

After trying and trying I got this message: error: cannot perform the following tasks: - Mount snap “linux-search-everything” (unset) (installation not allowed by “system-backup” slot rule of interface “system-backup”)

For me is impossible to set up this app properly in snap. The .deb package works perfectly.

why would your snap provide a slot (to whom) ?

if you want your app to access the host fs you need to use the plug (and connect it) … not the slot

The problem is the prehabs I don’t understand precisely how to configure the snap in order to provide the access that Linux Search Everything needs for working like the .deb package. I used electron framework and electron-build package for compiling the binaries for .tar .zip .snap and .deb. And the problems are with snap. The documentation for the electron-build package is scarce. I need to access all the file systems for searching, and I need to execute commands like wich , pwd, and nautilus etc for providing the link to open the files that you are working on. Can you help me to configure the package for archiving this features ?. This is part of the Json configuration.

well, you will need code changes for this … i.e. instead of calling nautilus you should call xdg-open which will hand the query to the desktop, that in turn will then open the file with the defined default app for this file type …

which, pwd and such should be available from your base snap (though i doubt which will be helpful as it only searches the snap environment)

i have no experience with the electron tool you are using but i could surely help you to adjust your snapcraft.yaml if you used that natively instead of through some foreign frontend tool …