Request for classic Confinement for Linkerd


Linkerd is a tool for Kubernetes, that relies on kubectl and its config which lives under ~/.kube, thus the need for classic confinement.

For reference, I found this discussion about the same request for Helm, which also relies on kubectl.

Thanks in advance!

The request lacks sufficient detail to proceed. As mentioned in the request for helmfille, the helm request is quite old and new information is available for discussing your request.

Can you describe what linkerd does with specific details on why you need classic confinement?

@alpeb can you please respond to @jdstrand’s question above? This request cannot proceed without that info.

Sure, linkerd uses kubectl’s config under the hood, which means it requires access to ~/.kube/

How could this be achieved under strict confinement?


Access to files in a user’s home directory under strict confinement can be done via the personal-files interface - The personal-files interface

@alpeb - there are several strict mode snaps that use kubectl with access to ~/.kube. Did you explore the use of personal-files? (This request cannot proceed without the requested information).

@alpeb as mentioned above, if you only need access to ~/.kube this can be achieved using strict mode confinement and an appropriate personal-files interface declaration. I am removing this request form our internal queue but if you can provide the requested information as to why personal-file is not sufficient and you still feel classic confinement is appropriate, I will re-add it for consideration.