This snap, croc, reads a file on the local filesystem and transfers it through TCP sockets to a recipient on another system where the received file would be written to the local filesystem.
I am requesting “classic” confinement so that I can publish this snap with access to the filesystem.
If you require more information or if this authorization is not applicable to my program, please let me know and I can provide.
Could you please outline what are typical file-paths expected to be transferred via croc? To my reading I would assume plugging the home and removable-media interfaces would likely provide access to the majority of files which most users would conceivably which to transfer and so it is not clear at all to me that classic confinement is required.
@schollz - ping. Please answer @alexmurray’s questions. This request cannot proceed without your feedback.
@alexmurray Yeah, you’re right I think home and removable-media and maybe /tmp would be great. How should I change the snap so that it can have permission to these file systems?
You already have access to a snap-specific /tmp.
You use:
confinement: strict
apps:
croc:
plugs:
- home
- removable-media
(though you may want to start with ‘devmode’ instead of ‘strict’ when initially moving over). See https://snapcraft.io/docs/supported-interfaces for more information.