Request for classic confinement: shellhub

Hello Snap Store Team,

I am developing a snap for ShellHub, which is an SSH server, and I have identified that, for the proper functioning of my application, it is necessary to use ‘classic’ confinement. I would like to request permission to use this confinement mode for my snap.

Why I need classic confinement for ShellHub

Classic confinement is required for the ShellHub snap to function effectively and securely, ensuring proper access to system resources and functionalities essential for managing SSH connections on devices.

The shellhub snap qualifies for classic confinement under the following category:

  • terminal emulators, multiplexers and shells

Technical Reasons

  1. Access to System Files for Authentication: ShellHub needs to access system files such as /etc/passwd and /etc/shadow to perform authentication when users log in.
  2. Allocation of Pseudo Terminal (PTY): ShellHub requires access to allocate pseudo terminals for user sessions.
  3. System Calls for Spawn of Shells: When users log in, ShellHub needs to make system calls like setuid and setgid to spawn shells.
  4. Store Login Record When User Logs In: ShellHub needs to write login records to the utmpx database to keep track of user sessions.

Additional Information

Thank you in advance for your attention and consideration. I am available to provide any additional information that may be required to evaluate my request.