Request for "classic" confinement for package Wilfred

can you clarify how it is not working?

BTW, for reviewers or others who come here looking for an example of using the docker snap from another strict snap, I made an example snap here: GitHub - anonymouse64/docker-snap-usage-example: example snap to use docker snap from another snap that can be used as reference

Yes, sorry. Itā€™s the same error as in post #9.

  File "/snap/wilfred/x1/lib/python3.6/site-packages/docker/transport/unixconn.py", line 43, in connect
    sock.connect(self.unix_socket)
PermissionError: [Errno 13] Permission denied

Is the user this is running as in the docker group?

Yes, my user on the system is in the docker group.

Any news regarding this? Still no change as far as I can see.

No sorry I donā€™t know why itā€™s not working for you and unfortunately I donā€™t have much time to investigate this at the moment

Alright, I understand.

Maybe I misunderstood something but I thought this was an issue with how snap deals with the Docker interface. As per this post (by @jdstrand), I thought that this would be fixed in 2.44. I just want to know whether there have plans to solve this or not. If not, or not within the near future, then Iā€™d like to request the classic confinement for my snap.

This was not completed in time for 2.45, but I will be submitting a PR for this by midweek for 2.45 inclusion. Iā€™ll post the PR link here when I submit it.

1 Like

I looked into this again, and @zyga-snapd is right. If I add implicitOnClassic: true then install the docker snap on a classic distro system, then ā€˜docker:docker-cliā€™ plug does not auto-connect because there are two slot providers: snapd and the docker snap itself. This can be easily fixed in the docker snapā€™s snap declaration (to use slot-snap-id) and any plugging snaps that have an auto-connection (to use greedy plugs), but weā€™d need to query the store for those.

FYI, https://github.com/snapcore/snapd/pull/8789

I have loosely been following the conversation on that pull request but it seems it was now closed. If no changes to snapd are proposed Iā€™d like to revive my request for the classic confinement for my snap.

@pedronis closed that PR until a conversation could be had on moving forward, which is expected to happen soonish. As for granting classic in the meantime, weā€™ve not historically granted classic confinement for this since your snap would be expected to work with the docker snap today and that support for docker-from-traditional-packaging would come after we resolve the remaining issues. Iā€™m not sure if @pedronis has more to add or wants to weigh in.

Alright, I see. Letā€™s say I want to prepare my snap package for using the strict confinement. Is there any other request I need to make in order for my snap to be able to access the plugs/interfaces required?

This is the full snap/snapcraft.yml file which I hope works after this change you mention is implemented.

name: wilfred
base: core18
version: git # set version on release ('v0.1.0') and use 'git' during dev
summary: A CLI for managing game servers using Docker # 79 char long summary
description: |
  Wilfred is a command-line interface for running game servers locally. It uses Docker to run game servers in containers, which means they are completely separated. Wilfred can run any game that can run in Docker.

  Wilfred is currently under development and should not be considered stable. Features may break or may not be implemented yet. Use with caution.

grade: devel # 'stable' on release ('devel' during dev)
confinement: strict

parts:
  wilfred:
    override-build: |
      sed -i "s/development/`git log -1 --format="%H"`/g" wilfred/version.py
      sed -i "s/YYYY-MM-DD/`git log -1 --format="%at" | xargs -I{} date -d @{} +%Y-%m-%d`/g" wilfred/version.py
      snapcraftctl build
    plugin: python
    source: .
    build-packages:
      - python3-distutils
      - build-essential

apps:
  wilfred:
    command: bin/wilfred
    plugs:
      - home
      - removable-media
      - docker
      - network
    environment:
      PYTHONIOENCODING: utf-8
      LC_ALL: C.UTF-8
      LANG: C.UTF-8