Hello,
I am aiming to publish eUPF as a strictly confined snap. The upload failed because the system-files
interface is a super-privileged interface and requires a store request. There it is.
- name: eupf
- description: Snap for eUPF, a 5G user plane function based on eBPF.
- snapcraft: link to snapcraft.yaml if publicly available
- upstream: link to the upstream repository if open-source or ‘PRIVATE’ otherwise
- upstream-relation: No direct relation
- interfaces:
- \system-files:
- request-type: installation and connection
- reasoning: This application is a 5G core network and uses eBPF to route packets. To do so, the app needs read and write permissions to the
/sys/fs/bpf/upf_pipeline
host path.
- \system-files:
The snap also uses the following interfaces though I don’t think they require manual review:
- network
- network-bind
- network-control
- process-control
- system-observe
Feel free to reach out if you have any questions.
Thank you,