Request for confinement 'classic' for 'auto-sys-config'

auto-sys-config is a tool to disable automatic suspend, update apt, cancel the pw requirement while using sudo and import ssh keys, to help us manage our machines in the lab with less effort. It needs ‘classic’ confinement to make it work.

Please see

Only apps that fit one of the supported categories are allowed to get classic confinement…

Since one of the criteria that forces snaps to be unsupported is “3rd party installer snaps” (to i.e. manage native apt packages) I fear your chances are pretty low though…

Hi Ogra, thanks for the reply.

If fitting “3rd party installer snaps” means that we have to manage and distribute our snap through the Snap Store, we can totally do so. And I think our needs meet the criteria:

access to files on the host outside the snap’s runtime

This tool performs the following tasks:

  1. Enable Non-Password Sudo: modify /etc/sudoers.d/ubuntu to grant sudo access without a password.
  2. Upgrade System Packages: run apt update & upgrade to make sure the packages in the DUT are at the latest versions (e.g. packages from OEM or kernel team).
  3. Import SSH Keys: Keys for the MaaS and testflinger server in the cert lab.
  4. Disable Auto Suspend: A system level setting to keep DUT awake.
  5. Enable Auto Login: Some test plans in Checkbox involve rebooting, so it’s essential to be able to auto-login to continue the tests.

Please let me know if any changes or information need to be addressed to help us get classic confinement. Thanks!

I think you read the page I linked wrongly…

You explicitly do not want to be in this unsupported category as it will completely deny you from getting classic granted…

Snaps have to be self contained, no matter which confinement model they use, they have to ship all their runtime dependencies so that your snap can run seamlessly on gentoo, arch, fedora, yocto, nixOS etc… this completely rules out any calls to external native package managers like rpm or apt…

With all the criteria you list above I don’t see any supported category you would fit in… that said, I’m not in the reviewers team, I’m just trying to make sure all paperwork is in order before someone reviews, but I fear their answer won’t be much different

To grant classic the snap needs to fit in one of the existing categories but as ogra mentioned, this snap fits in the unsupported category of “3rd party installer snaps”.

Have you considered an alternative design for your solution so you can still get the benefits of the snap ecosystem under strict confinement? Alternatively, you can distribute the snap among your team members in an alternative way that doesn’t involve the global store (e.g. network share) and still obtain a lot of advantages from the snap concept.

auto-sys-config needs classic confinement to function properly.

Hey @raman005 ,

If you see the process-for-reviewing-classic-confinement-snaps:

  • difficulty making strict confinement work

Fits into the unsupported category. This combined with the explanation from @ogra

means that unfortunately auto-sys-config does not fit the criteria to be granted classic.

Based on the explanation provided by @dio, this seems to be a snap to be installed in the lab. So just to be clear:

On the other hand, your team does not need to distribute it through the Snap Store unless it’s a requirement for the lab setup/configuration. Your team can always build and install it locally. If publishing it to the store is a requirement, we can explore other options, like the use of interfaces like: packagekit-control, ssh-keys, system-files and others to make auto-sys-config work under strict confinement.

@dio - ping, did you check the information provided above?

@dio - ping, this request cannot proceed without the requested information.

@dio since we’ve not heard back from you, we are removing this request from our review queue. When you have more time to respond, simply do so here and we can add the request back to the queue. Thanks