IotMonitor: classical confinement for a process mqtt iot monitoring tool

Hi, I’ve built an IoT MQTT monitor that permits handling and running software agents. From my reading, it seems this cannot be run inside a snap, as iotmonitor launches user-configured command lines.
The idea behind iotmonitor (for the software agents) is to read the /proc branch and watch whether monitored processes are still launched; otherwise, launch them.

I’ve seen that the /proc reading can be properly achieved, but the launch of arbitrary MQTT processes can be tedious if sandboxed. I personally have a bunch of Python scripts and C-implemented processes that follow this pattern.

The code is on GitHub here: https://github.com/mqttiotstuff/iotmonitor with documentation, if things are not so clear.

Thanks for reading, and for your response,
Patrice

Hi? Any response? Is this the right place for this?

Hi @frett27, welcome to the forum, and apologies for the delay. This is exactly the place to ask these types of questions; hopefully we can help you with your request.

Before getting into further questions, I see your snap monitors IoT devices: is your snap expected to run on systems running Ubuntu Core? Classic confined snaps do not run on Ubuntu Core; you can read more about this here.

@frett27 ping, can you please provide the requested information?

Hi, thanks for the follow-up; I had a late mail response.

No, it isn’t currently targeted at Core IoT, for instance, only full-fledged Ubuntu for the moment.
The usage is more of a supervision role than an embedded role.

Patrice

Any response? I wish to know whether a snap is, in this case, a proper way to distribute the binary.

Unfortunately, the need to launch arbitrary processes does not really fit in with the existing categories for which classic confinement is granted, as per Process for reviewing classic confinement snaps - so whilst from this description the snap needs this access and the requirements of iotmonitor for classic confinement are understood, it is not currently possible for this to be granted. Instead, on classic systems, perhaps the use of more traditional service monitoring systems like systemd would be a better fit?