upstream-relation: publisher of snap is the owner of the upstream, I’ve just been helping with the snap
supported-category: fits under criteria of access to files on the host outside the snap’s runtime (eg, /usr).
reasoning: Confinement is usually used to restrict access to certain files - the entire purpose of yazi is to be a file manager, so limiting it to just $HOME or using removable-media would limit it’s usage quite a lot
I understand that strict confinement is generally preferred over classic.
I’ve tried the existing interfaces to make the snap to work under strict confinement.
Hi , I’m the maintainer of Yazi. Yazi is a popular 100% open-source file manager, and users should be able to manage any files with it and run any commands on those files (like mpv for videos, vim for text files, etc.).
Hence, unrestricted file access and the ability to run external programs that users have installed are essential.
The problem we have with this request is that as a file manager, yazi doesn’t appear to fit into any of the supported categories for classic confinement. And only a snapd architect can add new categories to this list. In the past there has been hesitation to add file managers to this list of exceptions but perhaps this opinion may have changed now. As such, @niemeyer are you able to weigh in on this - would it be possible to add a new supported category of ‘File managers’ or similar for classic confinement?
As usual, classic requests are a sensitive matter as it implies access to data in the entire system, so any decision on this should not be taken as a rule to be applied without specific consideration in future cases.
With that said, my vote on the matter is to accept the request, on this particular case, on the following basis:
The process is being handled by a strongly trusted member of our community
The snap will be published by the upstream of the software being packaged itself
The software at hand has a strong user base and community around it
The fundamental software functionality is to access arbitrary files, so it cannot be confined with APIs currently available