The mosh snap needs to be set to classic to allow the user to do ssh-things when connected.
Description and source can be found in the call for testing.
I’ve just checked the mosh store review and the use of classic was approved by @evan on September 29th.
@Wimpress - the request seems to be for https://dashboard.snapcraft.io/dev/snaps/8487 and I don’t see any feedback indicating it was accepted. There is another mosh snap in the store, but it is using devmode.
@msis It would actually be nice to have this one fully confined. It’d mean being able to use it from more distributions and also from Ubuntu Core. Can you provide some details about why the confinement is being an issue there?
No access to ~/.ssh unless you use classic confinement is the cited reason. Not the first time we’ve seen developers use classic for applications requiring access to ssh or gnupg keys.
We can easily introduce interfaces for that. Perhaps ssh-keys and gnupg-keys?
Is there anything else?
@niemeyer Those interface names sound sensible to me and are the only two examples of dot directory access that have prevented snap publishers from staying strictly confined.
@jdstrand What do you think of those interfaces? Should we split them up, maybe:
Alternatively, ssh-public-keys, ssh-private-keys, etc, so it sorts properly.
I wonder if this would be better:
I agree that ‘private’ should include private and public and leaving ‘private’ out of the name conveys that better to me.
If you agree to the naming, I can add this to my backlog. I’d like to study typical accesses a little.
In the interest of time, I created https://github.com/snapcore/snapd/pull/4100 so we can discuss how best to proceed.
@msis - I would be curious on your input in that PR. If you want, you can install your snap in strict mode, then adjust /var/lib/snapd/apparmor/profiles/snap.mosh.mosh (or whatever makes sense) with what is in ‘ssh-keys’ in that PR, then load into the kernel with: sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap.mosh.mosh. Importantly, if you install/refresh/remove/reboot/etc the changes will be overwritten.
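The manual profile test described in the post above, as an added shell example that is not part of the original thread or of the snapd PR: it inserts rules before the profile's closing brace, keeps a backup, and reloads with the apparmor_parser command from the post. The rule text, the marker comment, the DRY_RUN switch and the function names are assumptions; substitute the rules from 'ssh-keys' in the PR.

```shell
#!/bin/bash
# Added example: splice test rules into a snap's generated AppArmor profile.
# snapd rewrites the profile on install/refresh/remove/reboot, so this is
# for a throwaway test only.

# ASSUMPTION: marker and rule are illustrative, not the PR's 'ssh-keys' text.
MARK='# local ssh-keys test rules (hypothetical)'
RULES="  $MARK
  owner @{HOME}/.ssh/{,**} r,"

# add_rules SRC TEXT: print SRC with TEXT inserted before its last line that
# consists of a closing brace. Fails if there is no such line.
add_rules() {
    src=$1 text=$2
    last=$(grep -n '^}[[:space:]]*$' "$src" | tail -n 1 | cut -d: -f1)
    [ -n "$last" ] || { echo "no closing brace in $src" >&2; return 1; }
    head -n "$((last - 1))" "$src"
    printf '%s\n' "$text"
    tail -n "+$last" "$src"
}

# patch_profile TARGET: back up TARGET, insert RULES, reload the profile.
# Does nothing if the marker is already present.
patch_profile() {
    target=$1
    if grep -qF "$MARK" "$target"; then
        echo "already patched: $target" >&2; return 0
    fi
    cp -p "$target" "$target.orig" || return 1
    # On failure, put the original back so the profile is never left empty.
    add_rules "$target.orig" "$RULES" > "$target" ||
        { cp -p "$target.orig" "$target"; return 1; }
    # Reload command from the post; set DRY_RUN=1 to skip it.
    [ "${DRY_RUN:-0}" = 1 ] || apparmor_parser -r "$target"
}

# Run as root with the profile path, e.g.
#   ./patch.sh /var/lib/snapd/apparmor/profiles/snap.mosh.mosh
if [ "$#" -eq 1 ]; then patch_profile "$1"; fi
```

The untouched profile stays beside the edited one as `snap.mosh.mosh.orig`, which makes it easy to diff against whatever snapd regenerates later.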
This is now committed to master and will be in 2.30.