Hello @emitorino
thank you for your comments. I fully understand the software classification requirement to grant or not the classic confinement. I still have read Security policy and sandboxing and I’m fully agree with the rigorous review process.
Anyway I’m now convinced glpi-agent is another case the process is not covering. I tried system-backup interface as suggested by @alexmurray. With some glpi-agent modifications it permits to fix few things (like the Os name), but really too few. I investigate a way to run native commands after a copy from hostfs but I didn’t find any efficient tool to also get the library dependencies.
“classic” confinement is definitively what glpi-agent requires.
As you remembered, classic confinement snaps run without restrictions and this is what requires the agent. I tried to explain you all the great care we take in the agent development and to make it work reliably across distributions I integrated a dedicated perl build in the snap. This perl interpreter was chosen for this software since the beginning to make it as portable as possible other platforms. The same perl code works great on linux, MacOS, Windows and more other.
To finally answer you last question, yes, I tried to include your suggestions and the solution were not enough to make it works as expected under strict confinement.
So is it possible to make an exception for this inventory software ?
Best regards