Request for classic confinement. (For VPN tool)

I would like to be able to use the “classic” value for the “confinement” attribute. I’m developing a tool for VPN and I need different permissions to manipulate VPNs. With the “classic” option I can do all VPN operations, Create, update, delete and connect.

Snap name: j-ovpn-ui.

1 Like

Difficulty making an application work under strict confinement is not a sufficient reason for the use of classic confinement as per Process for reviewing classic confinement snaps.

Other VPN tools have been successfully created using strict confinement - likely you will need to plug firewall-control or some similar interface - please see https://snapcraft.io/docs/debug-snaps for more details on how to figure out which interfaces to plug - in particular the use of snappy-debug. Thanks.

Core18 with the installation of the network-manager package does not have the external plugin “org.vpn.freedesktop” for VPN. core20 does not have Maven, and core22 also throws errors.

Is there any other alternative ?

@diego.armange.costa hey,

It’s been a while since we last discussed. I am checking the status of this request. Did you make any progress with making j-ovpn-ui work under strict confimenet?

I made no progress. I couldn’t find any documentation that could help. Since it’s been a while, I don’t remember the details anymore, but I didn’t find any solution. In all the tests I did, it failed. I abandoned the project due to lack of support for Snap.

There are quite a few VPN clients in the store that work fine under strict confinement, did you consider just taking a look at their snapcraft.yaml ? The snap ecosystem should provide all your app needs through its different network, system and hardware related interfaces.

Yes. I could look at some files.

Will you point me to a specific YML?

Thanks.

This is one example: https://github.com/xlinuxmanx/ike/blob/master/snap/snapcraft.yaml

I found it by searching on the store: https://snapcraft.io/search?q=VPN+client, and then inspecting the developer side link. I just shared the first I clicked on, not sure if it serve your needs (but you can keep searching the other results or even search here in the forum for similar keywords)

@diego.armange.costa,

Could you check the sample provided?

@diego.armange.costa - ping, this request cannot proceed without the requested information?

@diego.armange.costa - ping, this request cannot proceed without the requested information