I would like to request auto connect of network-control since it is needed for Nebula to set up a new network interface. Since it is central to the functionality of the software it’s reasonable to expect that this happens automatically. Also, sudo is required to run this tool.
I also would like to get approval to use the system-files plug. Nebula needs a config file and also be able to read and create certificates. It’s neat if these files could reside under /etc/nebula (other option could be for example $SNAP_COMMON but then they will not survive an uninstall of the snap). Directories needed are:
read:
- /etc/nebula/config #For placing the config file
- /etc #For checking if the nebula dir is present on installation, otherwise create it
write:
- /etc/nebula/certs #For storing created certs
- /etc #If the nebula subdir is not present the snap needs to be able to create it
- /etc/nebula #To be able to create the subdirs config and certs upon installation
An alternative to the above would be the classic confinement but it seems doable to go the strict confinement route so I wanted to try that. Please let me know if this setup seems odd and should be changed.
I’m bumping this in case it may have gotten lost. Really would like someone to take a look at this.
Please feedback if I have missed something in order to get it reviewed.
Apologies for missing this request - +1 from me for the use of network-control as it is clear from the description of nebula that by providing seamless connection of various machines it would require this access. -1 from me for system-files since this should just be stored in SNAP_COMMON as you suggest - also note that as of snapd 2.39 when a snap is removed a snapshot of it’s data etc is created automatically, which includes the data in SNAP_COMMON - so this is not actually permanently deleted in that case.
Ok, so I’ve changed the snap to use $SNAP_COMMON instead. So not needing system-files any more. Also updated my original post and the title to reflect this.
