Manual review for core22-desktop base snap

I’d like to request the use of type: base for the core22-desktop base snap on the store, which is currently held up by manual review.

Some information about the snap:

1. The snap name is registered by the canonical account.
2. The snap source is managed at https://github.com/canonical/core-base-desktop, which is a fork of snapcore/core-base. It extends core22 with packages to enable a graphical login.
3. The snap is not intended for wide use by many snaps: it is intended to be used as the boot base snap for an Ubuntu Core variant, together with a couple of related snaps where it is important that they be in sync with the root file system.

Thanks.

Thanks - this will require a change in review-tools (https://git.launchpad.net/review-tools/commit/?id=77eb07d4026cb0799bd2610d7cc13edd0654ff95) which then needs to be deployed on the snap store side. For now I have manually approved the existing revision.

Hmm actually on further inspection I notice that compared to the core22 base snap, core22-desktop has a couple more sensitive binaries - in particular /usr/bin/fusermount3 and /usr/bin/pkexec - which are both setuid root. Can you confirm that these are intentionally part of core22-desktop and are required? Thanks.

• fusermount3 is needed to allow xdg-document-portal to mount its $XDG_RUNTIME_DIR/doc filesystem.
• we could probably delete pkexec without too much problem.
• not mentioned, but the snap also adds setuid /usr/libexec/polkit-agent-helper-1, which is needed to allow gnome-shell to act as a polkit agent.

Ok, I will add overrides to review-tools for fusermount3 and /usr/libexec/polkit-agent-helper-1 for now but will not add pkexec at this time. If this is deemed necessary in the future we can always add it.

The required changes are now made to review-tools and a new release has been tagged, we are just waiting on this to be deployed to the store (ping @roadmr - https://git.launchpad.net/review-tools/log/?h=20221013-0339UTC)