Request classic confinement for pmtr


#1

Pmtr can be found here: http://troydhanson.github.io/pmtr/. It is a minimal process supervisor typically used to run a collection of locally-developed processes from a single config file, while pmtr itself runs under systemd.

A user requested a snap to install pmtr. I have pushed this release: https://dashboard.snapcraft.io/snaps/pmtr/revisions/1/

Process supervisors like pmtr need unconfined access to the system. Their runtime configuration determines the processes they spawn. Of course, these spawned processes have open ended requirements of their own. For example, the user may be configure pmtr to run a network daemon and a GStreamer application. Classic confinement is needed for pmtr to launch these, and for the child processes to inherit the same privileges.


#2

pmtr seems to be outside the target of the snapd design for app snaps. It is some ways similar to an alternative session manager but is ultimately meant to be a means to simply launch anything. It is conceivable that pmtr and snapd could work together, but it is unclear how that might work or if it is desirable. pmtr seems more suitable as a snapcraft part that snaps could use to launch things rather than a general purpose app snap.

@pedronis and @niemeyer - thoughts?


#3

Yes, to me it sounds definitely more something that would be used inside other snaps.


#4

Typical use is to run a collection of related processes, for local purpose (maybe a crypto rig, maybe a sensor comprised of a dozen related processes). Typically these are local in scope. In other words, the user wants to get pmtr easily and then put it to work for some locally-contrived “appliance”. I guess that a user who wants to make a snap of their whole apparatus, with pmtr inside, and share the snap, is a different and valid use case.