Request classic confinement for Tigris CLI tool

Along with regular database client functionality, our CLI provides a way to easily spin up a local-development database instance, using the tigris local up / tigris local down commands. Those commands require docker image pull, run and stop permission.

In order to publish the CLI on snap we would need classic confinement permission, or strict confinement with plugs.docker permission. Moreover, we only need permission to pull, run and stop a very specific tigrisdata/tigris-local image.

Please consider the request.

We are 100% open-source: https://github.com/tigrisdata/tigris

@firsov as you have described, tigris can stay under strict confinement and plug docker instead. If tigris works properly this way, this is preferred. Could you please update the post title to reflect this is not a classic confinement request anymore?

+1 from me for use of docker to tigris since based on what I see in the Makefile, docker compose commands are needed to start/stop the server and other basic functionalities. Can other @reviewers please vote?

It seems that auto-connection could be desirable but this will require publisher vetting since docker is a privileged interface.

Thanks for your reply, @emitorino!

What would be my next steps?

I’ve changed the confinement to strict, added the docker plug and requested manual review here: https://dashboard.snapcraft.io/snaps/tigris/revisions/15/

Here is my snapcraft.yaml: https://github.com/tigrisdata/snapcraft-tigris/blob/main/snap/snapcraft.yaml

Is that right?

+1 from me for use of docker by tigris as this is part of its standard functionality.

+2 votes for, 0 votes against. Granting auto-connect for plugging docker to tigris, this is now live.

@firsov could you please upload a new revision or request a manual review so the changes take effect?

Thank you for granting the permission.

I’ve uploaded a new version and it works.

$ sudo tigris local up
[sudo] password for firs: 
latest: Pulling from tigrisdata/tigris-local 
Digest: sha256:c380a586b4f850cdf8a95faf2e453b593485ce1a2e0b1cc6a373528ffabc3a24
Status: Image is up to date for tigrisdata/tigris-local:latest
Tigris is running at localhost:8081
$ tigris create database db1
$ tigris list databases
db1
$ sudo tigris local down
Tigris stopped

However, I have a couple of questions:

  1. The system docker cannot be used and docker needs to be installed from snap: sudo snap install docker. Is there a way to explicitly define a docker dependency for the Tigris snap, so that it’s installed automatically?
  2. Docker commands require super privileges (sudo tigris local up), while with the system I can run it with the current user privileges (tigris local up). Is there a way to enable unprivileged Docker access for the snap?

Thanks again, besides the two concerns above it works nicely!