Request for classic confinement: clavus

Dear Snap Team,

I am writing to request classic confinement for the Clavus snap. The reason for this request is that Clavus requires access to the user’s personal files, which may reside in various directories on the system. Clavus is a configuration system designed to load and unload commands and files into target directories specified in the state.json file. Users may specify files with targets in specific paths, such as ~/.aws/config or ~/.kube/config and Clavus needs access to these paths if the current user has permissions to them. Unfortunately, using strict confinement with the personal-files or system-files interfaces is not feasible for Clavus. This is because we cannot predict in advance which files the user will want to configure within their configurations. Granting Clavus classic confinement will ensure that it has the necessary access to the user’s personal files, providing a seamless and user-friendly experience. Here is the GitHub repository: GitHub - peter-mbx/clavus: Clavum Lateris

Thank you for considering my request.

Sincerely, Pietro Mobrici

Hi @pietromobrici

According to Process for reviewing classic confinement snaps , Classic requests should fall under at least one of the supported categories. Could you please clarify if clavus fits within any of the supported categories? Thanks!

Hi @cav, Thank you for your comment. Clavus falls into the category:

  • tools for local, non-root user driven configuration of/switching to development workspaces/environments

Pietro Mobrici

Hi @cav any news about my request?

Thank you, Pietro Mobrici

hi @pietromobrici, apologies for the delay.

Are the “commands” in clavus any arbitrary command on the host system?/Does clavus also expect commands to be on the host system already?


@pietromobrici - ping, just wanted to follow this one up with you

hi @cav , no clavus does not expect to find any command in the system.

hi @pietromobrici,

in order to receive the benefits of a confined environment, could clavus ship commands the user is expected to use inside the snap?

in regards to accessing arbitrary config files on the system. Because of this comment in the unsupported section of Process for reviewing classic confinement snaps:

“access to arbitrary files on the system because the application isn’t designed with confinement in mind (if a desktop application, use portals or xdg-open )”,

a somewhat adjacent approach to this topic, in which ad-hoc personal-files interfaces could be created, could be taken instead to allow strict confinement to be used rather than classic. what do other @reviewers think?