Request classic confinement for `yazi`

jnsgruk · January 24, 2025, 2:13pm

Hi all!

name: yazi
description: “Blazing fast terminal file manager written in Rust, based on async I/O.”
snapcraft: yazi/snap/snapcraft.yaml at main · sxyazi/yazi · GitHub
upstream: GitHub - sxyazi/yazi: 💥 Blazing fast terminal file manager written in Rust, based on async I/O.
upstream-relation: publisher of snap is the owner of the upstream, I’ve just been helping with the snap
supported-category: fits under criteria of access to files on the host outside the snap’s runtime (eg, /usr).
reasoning: Confinement is usually used to restrict access to certain files - the entire purpose of yazi is to be a file manager, so limiting it to just $HOME or using removable-media would limit it’s usage quite a lot

I understand that strict confinement is generally preferred over classic.

I’ve tried the existing interfaces to make the snap to work under strict confinement.

Thanks! Jon

sxyazi · January 25, 2025, 11:11am

+1 for this.

Hi , I’m the maintainer of Yazi. Yazi is a popular 100% open-source file manager, and users should be able to manage any files with it and run any commands on those files (like mpv for videos, vim for text files, etc.).

Hence, unrestricted file access and the ability to run external programs that users have installed are essential.

jnsgruk · February 12, 2025, 12:33pm

Hey folks, can I get some sort of update on this please?

alexmurray · February 12, 2025, 10:42pm

Hi @jnsgruk - apologies for the radio silence.

The problem we have with this request is that as a file manager, yazi doesn’t appear to fit into any of the supported categories for classic confinement. And only a snapd architect can add new categories to this list. In the past there has been hesitation to add file managers to this list of exceptions but perhaps this opinion may have changed now. As such, @niemeyer are you able to weigh in on this - would it be possible to add a new supported category of ‘File managers’ or similar for classic confinement?

niemeyer · February 20, 2025, 3:43pm

As usual, classic requests are a sensitive matter as it implies access to data in the entire system, so any decision on this should not be taken as a rule to be applied without specific consideration in future cases.

With that said, my vote on the matter is to accept the request, on this particular case, on the following basis:

The process is being handled by a strongly trusted member of our community
The snap will be published by the upstream of the software being packaged itself
The software at hand has a strong user base and community around it
The fundamental software functionality is to access arbitrary files, so it cannot be confined with APIs currently available

jslarraz · February 25, 2025, 8:16am

I’ll contact @sxyazi via private message to start the publisher vetting.

jslarraz · February 25, 2025, 2:41pm

I’ve vetted the publisher. This is now live. Next revision uploaded to the store should now pass the automatic review.

Thanks!

jnsgruk · February 25, 2025, 3:23pm

Thank you! Glad to see this across the line!