I would like to be able to use the “classic” value for the “confinement” attribute. I’m developing a tool for VPN and I need different permissions to manipulate VPNs. With the “classic” option I can do all VPN operations, Create, update, delete and connect.
Snap name: j-ovpn-ui.
Difficulty making an application work under strict confinement is not a sufficient reason for the use of classic confinement as per Process for reviewing classic confinement snaps.
Other VPN tools have been successfully created using strict confinement - likely you will need to plug firewall-control or some similar interface - please see https://snapcraft.io/docs/debug-snaps for more details on how to figure out which interfaces to plug - in particular the use of snappy-debug. Thanks.
Core18 with the installation of the network-manager package does not have the external plugin “org.vpn.freedesktop” for VPN. core20 does not have Maven, and core22 also throws errors.
Is there any other alternative ?
@diego.armange.costa hey,
It’s been a while since we last discussed. I am checking the status of this request. Did you make any progress with making j-ovpn-ui work under strict confimenet?
I made no progress. I couldn’t find any documentation that could help. Since it’s been a while, I don’t remember the details anymore, but I didn’t find any solution. In all the tests I did, it failed. I abandoned the project due to lack of support for Snap.
There are quite a few VPN clients in the store that work fine under strict confinement, did you consider just taking a look at their snapcraft.yaml ? The snap ecosystem should provide all your app needs through its different network, system and hardware related interfaces.
Yes. I could look at some files.
Will you point me to a specific YML?
Thanks.
This is one example: https://github.com/xlinuxmanx/ike/blob/master/snap/snapcraft.yaml
I found it by searching on the store: https://snapcraft.io/search?q=VPN+client, and then inspecting the developer side link. I just shared the first I clicked on, not sure if it serve your needs (but you can keep searching the other results or even search here in the forum for similar keywords)