Request for 'classic' confinement of Reflasher app

Dear @review-team,

the Reflasher is a cross-platform (linux,win32,darwin) Electron application to create bootable, configured flash drives to be used in IoT devices. It is in particular suited to work with Reswarm - IoT Development Studio by making use of the custom .reswarm file extension including full configuration of an IoT device. The Reflasher may also be used as universal-purpose flashing tool to prepare conventional bootable drives for an operating system on any kind of flash drive.

The reasons for a ‘classic’ snap requirement are:

  • (privileged) read/write access to block devices (/dev/sd*)
  • access to system tools/files to list and gather details of block devices (flash drives)

Aside from the classic request, is it intentional that the snap contains an entire raspberry pi image? It’s over 1GiB which is causing your “lightweight” compressed snap to clock in around 400MB. Without that file it comes in at a way more reasonable 62MB.

the hardware-observe, mount-observe and block-devices (and probably raw-volume) interfaces should be sufficient to actually write to block devices or partitions without classic confinement … did you try using them yet ?

Yes, the inclusion of an entire raspberry pi image is intended since this serves as the “default” OS for the IoT device to be created. However, we plan to replace the large HypriotOS image with our own customized OS (with a much smaller root filesystem) in subsequent versions.

No, I didn’t use them yet. I will try to employ these interfaces to avoid the classic confinement. Thanks a lot for your support and quick response!

@mafi since it looks like you are pursuing strict confinement for reflasher, I am removing this request for classic confinement from our internal queue - FWIW, I also feel that reflasher should be able to function under strict confinement (see for example the rpi-imager snap which appears to perform a similar function and which is also able to operate under strict confinement).