Thanks for your reply Daniel!
One point I forgot to mention, reemd is to run as a daemon or service
What access is required that is not covered by current interfaces?
reemd needs the ability to start shells (bash, sh, zsh…). The main functionality of reemd is to act as a gateway to start CLI/terminal/shell sessions remotely through a web browser using our cloud platform. We need the ability spawn these shells (processes).
I’m new to snapcraft I can’t seem to find an interface that would allow the app to execute or start other programs in the OS. Is this correct? Is there a way to do this through strict confinement?
Remote users will have the ability to access their files remotely as well, so a read access to the entire filesystem would be good.
reemd will also provide stats on hardware, cpu, disk space, memory usage. Access to observe hardware is required for this, which I think it already exists as an interface of snap.
What happens when that access is denied? (does your app crash, have missing functionality…?)
The app will have missing functionality
Can you post denial messages from apparmor when you try to run your app under strict confinement?
Not sure, looking into it.