I have a snap called mailserver (source). It's a snap that uses lxd to provision and manage a bunch of LXD containers for a full e-mail setup. The snap mostly contains the provision and management bits, and the intention is to make it considerably easier for a somewhat novice or lazy sysadmin to run a full e-mail server.
It was truly a pain to try to get postfix and other tools to work inside a snap, and I changed to an idea based around the lxd snap. It works well, but last weekend I tried to upload my first draft and got rejected:
“The lxd interface is reserved for snaps that the ability to control all aspects of lxd containers on the system which therefore grants device ownership to the snap. If the access is required, consider using a brand store or create a forum topic at https://forum.snapcraft.io/ using the ‘store-requests’ category if this can be discussed in public or the ‘sensitive’ category if the discussion should remain private. Please feel free to copy and paste this message in the topic. Thanks!” — Jamie Strandboge
To control all aspects of the lxd containers is exactly what I like to do. I need to be able to create and manage several LXD containers, so I ask if it’s possible to grant my snap access to the lxd interface?
An alternative route for my snap is to use lxd remotes (access over the network), but it feels like it could open up a less secure solution for novice users, like if the user accidentally exposes lxd on the public internet and/or with a bad password. To be granted the lxd interface (to get access to the lxd socket) feels like a safer route, and easier to set up for the users. Also, the lxd snap is not auto-connected so the user must still manually (and intentionally) grant my snap access to lxd.