The docker interface is reserved for snaps that require the ability to control all aspects of docker containers on the system which therefore grants device ownership to the snap. If the access is required, consider using a brand store or create a forum topic at https://forum.snapcraft.io/ using the ‘store-requests’ category if this can be discussed in public or the ‘sensitive’ category if the discussion should remain private. Please feel free to copy and paste this message in the topic. Thanks!
Can you please state which app this request is for any why it requires this access?
snap name : regalcheckcontainerstatusalpha .This snap is private.
It requires docker interface access for monitoring docker container and start and stop docker containers
Not an answer, or decision, but it is important to note that even though your app is currently private it is in the public Snap Store. If the decision were made to grant the docker interface to a private snap and subsequently that snap is made public the snap will have device ownership over any system that it is installed upon. This is likely undesirable and is why we request information on what an app’s purposes are before voting on whether to allow or deny the request.
I see there is another request for this here Manual review explicitly - let’s use just one thread for this discussion (ie. this one).
Can you please outline the reasons why this snap needs connection to the docker interface and what the use-cases for the snap are?
We have wrote code to monitor/start/stop/pull docker container using python,so with in script all docker command are run for example : docker stop app and so on.
so i have uploaded snap on snap store.
below are some part of my snapcraft.yaml
grade: stable # must be ‘stable’ to release into candidate/stable channels
confinement: strict # use ‘strict’ once you have the right plugs and slots
plugs:
docker-cli:
interface: docker
privileged:
interface: docker-support
privileged-containers: true
docker-executables:
content: docker-executables
default-provider: docker
interface: content
target: docker-env
apps:
alpha:
command: withoutreboot
daemon: simple
restart-condition: always
plugs: [home,network-bind,network,docker-executables, docker-cli,privileged]
is it right way to defined snapcraft.yaml
Thanks for the update - I understand this is a required piece of functionality for this snap, however the current description and name do not make it clear to me that as a user of the snap that it would necessarily be granted this privileged access. As such, at this stage I would vote +1 for use of the docker interface but -1 for auto-connect.
+1 for use of the docker interface but -1 for auto-connect, as users may be unaware that this snap uses a privileged interface.
Please convert this request to use docker interface. If you need any info, let me know.
+2 for, 0 against, 0 abstained for use of docker interface.
0 for, -2 against, 0 abstained for autoconnect of docker interface.
Granting use of docker interface.