Manual review pending

Hello, I have created an electron kiosk snap using this tutorial:

I uploaded the package to the store using the name terminal-q and I get this status: “Manual review pending”

This will be a snap only for private use. Is there something I have to change to be allowed in the store?

These are the errors and the warnings:

human review required due to ‘deny-connection’ constraint for ‘plug-attributes’ from base declaration. If using a chromium webview, you can disable the internal sandbox (eg, use --no-sandbox) and remove the ‘allow-sandbox’ attribute instead. For Oxide webviews, export OXIDE_NO_SANDBOX=1 to disable its internal sandbox. Similarly for QtWebEngine, use QTWEBENGINE_DISABLE_SANDBOX=1. declaration-snap-v2_plugs_deny-connection (browser-sandbox, browser-support)

(NEEDS REVIEW) ‘daemon’ should not be used with ‘browser-support’ security-snap-v2_daemon_with_browser-support (frontend)

If you use “allow-sandbox: false”, this should go away.

browser-support is a transitional interface and grants a number of things that are marginally ok as a normal user, but far too much access as the root user. Currently all daemon snaps run as root and so you and your snap would have to be vetted for distribution via the store with this allowed. The fact that it is private doesn’t matter in terms of the review because a snap may go from private to public at any time. Since you said your snap is always going to be private, it sounds like you aren’t requesting you and your snap be vetted at this time?

If you snap is always going to be private, why do you want to have it in the store (since only you would be able to install the snap)? If your intent is to deliver this snap for devices associated with your product, you might consider a brand store where you can control your brand’s use of browser-support.

Thank you @jdstrand for your answer. My snap will be always private. I wanted to upload to the store to be able to distribute and update it easier, because the idea is to install it in a lot of internal devices of the company.

I didn’t know the stores of the brand. I sent a request using the contact form, as it seems to be the best option for my case.

Hello @sergiov ,

Private snaps are designed to be used only during development phases, where the people accessing it is either the owner of the snap or collaborators. All these have read and write access to the snap, they can perform any operation on the snap, such as change the privacy, upload new revisions, release any revision, etc.

Therefore, private snaps are not meant to be used for distribution. Anyone that have access to the private snap, can change it as they wish, and those changes will propagate to anyone that has the snap installed. I’m sure you can appreciate the security implications of this.

If you need to distribute your snap to a set of specific devices, what you need, as James says, is a brand store associated to the brand of those devices. I see you mention you have used the contact form, is that the contact form in Canonical?

@kyleN, @jhodapp, @lool would you have access to that contact form, if so would you follow up with Sergio?

Regards, Natalia.

I’ve messaged Sergiov and have invited him to discuss further.


@jdstrand @natalia @kyleN thank you for all your help. I got from Canonical more information about the brand stores, but the cost of the service is a lot more than we can afford in our project, and very high for only having a private snap.

There is any alternative?