Request classic confinment for Tigris CLI tool

Along with regular database client functionality, our CLI provides a way to easily spin up local-development database instance, using: tigris local up / tigris local down commands. Those commands require docker image pull, run and stop permission.

In order to publish the CLI on snap we would need classic confinement permission, or strict confinement with plugs.docker permission. Moreover, we only need permission to pull, run and stop very specific tigrisdata/tigris-local image.

Please consider the request.

We are 100% open-source: https://github.com/tigrisdata/tigris

@firsov as you have described, tigris can stay under strict confinement and plug docker instead. If tigris properly work this way, this is preferred. Could you please update the post title to reflect this is not a classic confinement request anymore?

+1 from me for use of docker to tigris since based on what I see in the Makefile, docker compose commands are needed to start/stop the server and other basic functionalities. Can other @reviewers please vote?

It seems that auto-connection could be desirable but this will require publisher vetting since docker is a privileged interface.

Thanks for your reply, @emitorino!

What would be my next steps?

I’ve changed the confinement to strict, added docker plug and requested manual review here: https://dashboard.snapcraft.io/snaps/tigris/revisions/15/

Here is my snapcraft.yaml: https://github.com/tigrisdata/snapcraft-tigris/blob/main/snap/snapcraft.yaml

Is that right?

+1 from me for use-of docker by tigris as this is part of its standard functionality.