as via is a utility to start/stop processes for local development environments, it needs access to (potentially) all folders of the user’s system, because it needs to read the contents of the user’s projects, as well as execute programs in those folders.
You can find further description of the project and it’s code here: https://github.com/Sopamo/via
Have you check the process control interface? It allows to manage processes so I believe if you plug this interface along with others that will allow you to access users directories (like home, personal-files, system-files, etc) via can stay under strict confinement and enjoy the benefits of a stable runtime environment.
Thanks for the reply. As we do not know where the user wants to store their software projects, it’s not sufficient for us to only have access to the home directory. We would want to allow the user to open / read any files anywhere on their computer. I can’t see any permission allowing that.
I think via falls in the category “tools for local, non-root user driven configuration of/switching to development workspaces/environments” defined here: https://snapcraft.io/docs/reviewing-classic-confinement-snaps
That’s correct, and also as per the process, access to arbitrary files on the system is not a supported category for granting classic confinement.
I still believe that if via-cli:
user’s project usually leave on standard locations, and if you plug certain ifaces that allow access to users folders + process-control, via-cli can stay under strict confinement and cover most use cases.
Since we’ve not heard back from you, we are removing this request from our review queue. When you have more time to respond, simply do so here and we can add the request back to the queue. Thanks!