Request for classic confinement for sbctl

Hi, I’m requesting classic confinement for https://snapcraft.io/sbctl/. I’m not the official developer, but I use this app and wanted to make it easier to install by default on Ubuntu.

Sbctl is a secure boot manager that helps you enroll your own custom keys. GitHub - Foxboron/sbctl: :computer: :key: Secure Boot key manager

So, the reason why it needs classic confinement is because of the need to access the ESP partition to sign the boot executables, and also to enroll the keys. To my knowledge, there is no interface to allow that. Thanks!

The system-files interface should be able to grant access to the typical mount points that ESP partitions use…

I was under the assumption that the system-files interface was only for /etc and not any other folders? Also, it says that it’s specifically not for folders that the snap is not the clear owner of.

Technically there is no limit to what system-files can access and granting an exception to any rule around the interface is still better than making it classic…


@techytips have you tried using system-files?

Well, I just did some more research and it appears that /boot is not allowed to be created (it’s a new top-level directory, but I might be wrong). Also, /boot seems to be banned from being a target path too.

You are talking about layouts; I’m talking about system-files :wink:

https://snapcraft.io/docs/system-files-interface

I’m sorry. I just can’t seem to get it to work even with the system-files interface set up. I’ve added it and also connected the interface. When I run lsblk inside the snap, it seems like the base snap (core22) overrides the path.

Here’s my snapcraft.yaml as well:

Heh, yeah, you did not talk about lsblk calls before :slight_smile:

Install the snappy-debug snap and run the same named tool from it in a second terminal while running your app, that should give you suggestions about additional interfaces you need to define and connect.

@techytips ping,

Are you still experiencing issues? Did you run snappy-debug as suggested?

Really sorry about not answering this. I’ve been busy with stuff and haven’t had the energy to try to figure out sbctl in a snap. Also, I found out that since I was using WSL Ubuntu, it lacks the AppArmor kernel support, so snappy-debug would never report any violations. I had to use a bare metal install or virtual machine. :frowning:

Hey @techytips, it’s been a while since your last activity on this thread. Kindly let us know in case you require further assistance. Thanks.

@techytips - since we’ve not heard back from you, we are removing this request from our review queue. When you have more time to respond, simply do so here and we can add the request back to the queue. Thanks.