Request for classic confinement for lazydocker


#1

Hello, I am a complete utter noob here but I would like to request for the classic confinement for my app lazydocker: https://github.com/jesseduffield/lazydocker

I am not sure what is required here so please let me know :slight_smile:


#2

Please see Process for reviewing classic confinement snaps. Specifically, ā€œthe technical reasons for why the snap uses classic confinement are gathered in the forum post and captured for potential future snapd improvementsā€. What does your snap do and why specifically can it not function with strict confinement?


#3

Hi jdstrand, my snap runs command line programs like ā€˜docker pullā€™ directly. I believe that is sufficient to require classic confinement


#4

Have you tried to use strict confinement while using plugs: [ docker ]? This interface grants access to the docker socket. Be sure to connect the interface and you will need to ship your own docker command.


#5

Moving this out of the queue due to lack of response. @jesseduffield - when you get a chance to answer my last question, we can add this back. Thanks


#6

Sorry for the late response. We are currently in the process of making use of the docker socket and not relying on CLI commands, but we will still have other direct CLI commands going on, for example opening a file so that the user can open the applicationā€™s config file, and likewise with editing a file. We also support running docker-compose commands directly on the command line.


#7

It is my understanding that all of this can be achieved with strict confinement between use of content interfaces, home, network, removable-media and docker plugs (and likely more). @ijohnson might have more light to shed on this.