Request for classic confinement for uc-image

store-requests classic-confinement
1
  • name: uc-image
  • description: Ubuntu Core image building tool
  • snapcraft: snapcraft.yaml
  • upstream: PRIVATE
  • supported-category: Development
  • reasoning: uc-image is alternative to the ubuntu-image (and imagecraft in the future) tool to build Ubuntu Core images. It adresses the shortcomings of the ubuntu-image when building for arm embedded systems and producing images suitable for variuous flash tools used by the ecosystem. e.g. AmbaUSB, qdl, uuu, and others. For this reason uc-image invokes snap prepare-image to prepare Ubuntu Core Image, while simple case can run strictly confined, when building preseeded images, tool will prepare chroot and runs snapd within the chroot, where snapd runs in first boot experience. Trying to confine this process would qual to trying to confine snapd. Process includes steps like overlayfs, inspecting sysfs, mounting squashfs images.

I understand that strict confinement is generally preferred over classic.

I’ve tried the existing interfaces to make the snap to work under strict confinement.

1 Like
2

uc-image fits in the existing categories for classic confinement of compilers etc, the requirements for classic confinment are understood. I have vetted the publisher. This is now live.