I want to package parsec with a snap. Parsec aims at provide dropbox-like cloud data store and sharing on top of an encryption layer.
The reason I want classic confinement for this application is it uses FUSE to mount a virtual filesystem to expose user data.
I saw snap provide the fuse-support interface, but it only allow root to do the mount which is a no go for a user application.
My understanding of fuse is that fusermount is required to be setuid, so without setuid I guess the application won’t be able to mount the virtual filesytem and will log the error and crash. This behavior should happened the same way no matter if the application is packaged as a snap classic or installed in a more traditional way.
Well, some systems may limit the group membership, etc or not have the binary installed at all (eg, Ubuntu Core systems). Of course your request for classic means that the snap wouldn’t be available on classic either.
I would like to better understand this comment: “The reason I want classic confinement for this application is it uses FUSE to mount a virtual filesystem to expose user data.”. Can you give precise details on how the mounts work (eg, mountpoints, mount options, etc)?
Thanks a lot for the link on github issue comment, this gives me more understanding of the fuse interface
Can you give precise details on how the mounts work (eg, mountpoints, mount options, etc)?
Here is how works the application:
user starts the application
application display a login page
user logs in
application loads the user’s configuration including the path where fuse should be mounted (let’s say $HOME/parsec-mnt for instance). It’s totally acceptable to force the user to only mount in his home or in the /media/<username>/ folder.
application starts fuse (application is in python and I use the fusepy library as a slim wrapper on libfuse), this exposes the user’s data. Using mount -l I got:
FuseOperations on /home/touilleMan/parsec-mnt type fuse (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000)
user can decide to logout (to login as another identity for instance). This cause the application to stop the fuse and unmount the fuse mountpoint
From what I understood, snap fuse interface:
is not connected automatically, meaning user should do an additional manual operation once the snap installed to enable this. I guess the manual phase has to be done only once (and not each time the application is started or each time snapd is restarted).
This still leave me puzzled with the Can mount fuse filesystems (as root only). documentation sentence about the fuse-support interface. Does this means once the interface connected, the application must be run as root (typically by having snapd prompt a root password box before actually running it) ?
doesn’t support unmounting (even if the mountpoint has been mounted by the same process like in my usecase).
This is not compatible with the logout phase of my application.
BTW, this is still a bit strange for me given I would say not unmounting your fuse before closing an application can leave a zombie mountpoint (i.e. ls on the path ends up with a Transport endpoint is not connected error), I got the case when using SIGKILL on my application. Is there something I’m missing there ?
you wrote in the github issue Furthermore, the snap-confine command creates a new mount namespace so the fuse mounts aren’t accessible to other processes outside of the app’s process.
Does this means the fuse mountpoint wouldn’t be accessible from 3rd party applications (for instance opening a text file with vi or reading a movie with vlc ?). If so this would make fuse pretty useless so I guess I read this wrong
Of course your request for classic means that the snap wouldn’t be available on classic either.
Yes, this is precisely what it means. The aforementioned PR comment discusses that the fuse-support interface has a number of limitations. You would need a new interface called ‘fuse-control’ and for the core snap to ship fusermount for your snap to work in strict mode as non-root, but see below for a complication.
You aren’t missing anything. The fuse-support interface is limited (see above). Unmount would be supported by a fuse-control interface.
The fuse-support interface is there to support other scenarios different from allowing a snap to make fuse mounts available to the global mount namespace of the host.
Well, yes, I had a typo I meant to say "Of course your request for classic means that the snap wouldn’t be available on non-classic distro (ie, Ubuntu Core) either.