Request for classic confinement: classic-snap-analyzer

Hey

I made a snap called classic-snap-analyzer. This snap is a simple shell script that looks at all the processes, looks for those that belong to a given snap and then looks at what is mapped into their address space.

The program then prints all the libraries that are coming from outside of /snap/core or /snap/$SNAP_NAME, thus having a higher chance of failure in case the snap is installed on a system without such libraries.

This has advantages over static analysis because it automatically picks up dynamically loaded files and is unrelated to the programming language used. It has some disadvantages as it only probes the snap at runtime at a given instant of time, so it may skip some errors that simply happen later.

Still, I think it would be useful to the packaging community.

I have requested classic confinement because the snap cannot currently be confined. Discussing with @jdstrand, I will propose a process-observe interface that would allow it to go to strict confinement, but to make it available soon I’d like to use classic for now.

1 Like
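The filtering step described in the first post, as an added example that is not part of the original post and is not the snap's own script. The function name `outside_libs`, the sample data, the snap name `hello-demo`, and the choices to match prefixes on a path-component boundary and to report every file-backed mapping are assumptions.

```shell
#!/bin/sh
# Constructed sample in /proc/<pid>/maps format (not captured from a real system).
SAMPLE_MAPS='55d0c0a00000-55d0c0a21000 r-xp 00000000 07:03 42 /snap/hello-demo/7/bin/hello
7f3a10000000-7f3a101c0000 r-xp 00000000 07:01 1021 /snap/core/4917/lib/x86_64-linux-gnu/libc-2.23.so
7f3a10400000-7f3a10420000 r-xp 00000000 08:01 39321 /usr/lib/x86_64-linux-gnu/libfoo.so.1
7f3a10420000-7f3a10421000 r--p 00020000 08:01 39321 /usr/lib/x86_64-linux-gnu/libfoo.so.1
7f3a10600000-7f3a10610000 r-xp 00000000 08:01 40112 /opt/vendor lib/libbar.so
7f3a10800000-7f3a10804000 rw-p 00000000 00:00 0
7ffd5a000000-7ffd5a021000 rw-p 00000000 00:00 0 [stack]'

# outside_libs SNAP_NAME (hypothetical helper): read maps-format lines on stdin
# and print, once each, every file-backed mapping whose path is outside
# /snap/core/ and /snap/SNAP_NAME/.
outside_libs() {
    awk -v snap="$1" '
        # Field 6 onward is the pathname; anonymous and [pseudo] mappings are skipped.
        NF >= 6 && $6 ~ /^\// {
            path = $0
            # Drop address, perms, offset, dev and inode; keep the path, spaces included.
            sub(/^[^ ]+ +[^ ]+ +[^ ]+ +[^ ]+ +[^ ]+ +/, "", path)
            # Trailing slash so that snap "hello" does not also cover "hello-demo".
            if (index(path, "/snap/core/") == 1) next
            if (index(path, "/snap/" snap "/") == 1) next
            # A library is mapped in several segments; report it only once.
            if (!(path in seen)) { seen[path] = 1; print path }
        }'
}

# Demo on the constructed sample. On a live system the input would be
# /proc/$pid/maps for each process that belongs to the snap.
printf '%s\n' "$SAMPLE_MAPS" | outside_libs hello-demo
```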

The requirements are understood and I’ve vetted the publisher. Granting use of classic. This is now live.

1 Like

The snap has been published now.

1 Like