I am requesting classic confinement for the snaps aihubshell and aihubshell2. These snaps are shell programs provided by the quasi-public institution aihub.or.kr. The primary function of these shell programs is to allow users to register, log in, and download data. Only users who have registered and applied for data download can use these shell programs.
The reason for requesting classic confinement is due to the necessity for users to create folders on NAS servers and freely download files to specified paths. The strict mode imposes several limitations that hinder these functionalities, making classic confinement essential for our use case.
As mentioned earlier, only users who have registered and applied for downloads can use these shell programs, which adds a layer of security and controlled access.
Could you please inform us of the expected review period for this request? If additional information is required, please let us know, and we will provide it promptly.
In this case, I think I need more information to determine this. Can you please outline the specific use-case needed - it seems to me like aihubshell etc act as a server and create files on demand from users but if you could please clarify that would be great.
Then can you clarify which of the supported categories that aihubshell fits within? Thanks.
Our category is Terminal Emulators, Multiplexers and Shells.
Our snap ‘aihubshell’ allows approved users to download large files via curl through the terminal. Due to the large size of the files, it requires write permissions to specific locations such as NAS folders and personal folders. Therefore, we need classic confinement.
Strict confinement imposes many restrictions, which is why we are requesting classic confinement.
aihubshell has a simple function: when a user sends a request to the aihub server via curl, it checks the login and permissions, then allows the user to download large files.
The aihub data consists of AI training data (from 14 different fields) created under the Intelligent Information Industry Infrastructure Development Project, as well as AI training data held by domestic and international institutions and companies, which is made publicly available.
The data is managed by a quasi-governmental organization in Korea.
Regarding the supported categories for classic confinement, our snap falls under the "Terminal Emulators, Multiplexers and Shells" category. The specific use-case is that aihubshell acts as a client to request and download large AI training datasets securely from aihub servers, requiring necessary permissions to write to specific locations on the user's system.
Unfortunately I do not think your snap fits this category - terminals etc is designed for snaps that execute arbitrary commands as specified by the user - but in your case the snap is running a specific command (curl) which it should provide itself.
Also I expect the vast majority of use-cases would be met by using the home and removable-media plugs as then the snap can write within the user’s home directory or any external hard drives etc on the machine. Thus I think it should be sufficient to use strict confinement with these 2 plugs.
Additionally, I would like to know if the personal-files option would also be allowed, and how long the approval process typically takes when the snap is uploaded with the home and removable-media options.
personal-files depends on what particular files the snap is requesting access to - are they reasonable given the use-case of the snap? If you could please provide details then I can advise
There is no approval needed for home or removable-media - both of these are allowed for any snaps (and the home interface auto-connects on regular Linux systems) - if you need auto-connect for removable-media then you will need to file a specific request for this as per Process for aliases, auto-connections and tracks
