Hey, at latest GUADEC there was a talk on Parental Control where a solution using malcontent was presented, showing how it can be used to limit flatpaks usage:
https://www.youtube.com/watch?v=2FTvDFDNvmE
It would be nice for snaps to also include such abilities to classify applications and then to limit the installation or usage depending on the user parameters.
IIUC, the OARS data for flatpak apps is publisher defined, so a very rough sketch of what this would look like would be something like:
snap run, probably i.e. snap-confine which runs with elevated permissions before dropping back to the user would ask snapd if running this snap is allowed for this userDoes that kinda like the user expectation? Of course there would need to be some sort of robust fallback mechanism where if malcontent is not available or not running or broken or something snaps could still run, and this also implies there may be some form of attack by DOS’ing accounts-service or malcontent to allow a snap to run because snapd does not get a response from it in time. I’m curious what flatpak does in that situation.
An interesting extension to this might be the per-machine classification of snaps whereby a snap admin can specify a certain application’s OARS data or something like that if the snap itself does not provide such data but the admin still wants to limit it’s usage by other snap users.
/me also notes that malcontent does not appear to be in the ubuntu archive on focal at least
No, malcontent is just a new project so, something to hack on and that we may include in the archive when there’s interest for.