Request read-only system-files access for tracex-parser

Hello, I’m learning how packaging of snap applications is done and I’ve been going through the process of packaging the CLI portion of my tracex-parser Python library.

The CLI program parse-trx needs read-only local file access in order to do its job - parsing ThreadX trace files into a human friendly format. To do this I’ve leveraged the system-files interface with read access to /home and /media (two places where a user might put ThreadX trace files): https://github.com/julianneswinoga/tracex_parser/blob/js/add-snap-build/snap/snapcraft.yaml#L30. Ideally I could allow read access to /tmp and /opt as well but I don’t believe that is currently possible with snaps.

So in order to publish my snap (tracex-parser) I require this human review: human review required due to 'allow-installation' constraint (bool)

You do not need system-files here, the home and removable-media interfaces grant you access to /home and /media… that way your snap will not go into manual review…

Thank you for the reply! Since I only need read access though, is there a way to lock down the home and removable-media interfaces to not default to rw?

nope, they are RW for the users $HOME and their files in /media … and there is no option currently to limit this …

hi @julesinspaaace, (and thanks ogra).

For awareness, the removable-media interface is considered sensitive, which means not only does it’s use require specific permission from the reviewers team here, but also that the publisher be vetted. There are some guidelines on the process for auto-connections page (search for removable-media).

The home interface of course is auto-connected once you plug that, but typically removable-media remains a manual connection unless the criteria linked above are satisfied (I mention this especially because you mention you’re just learning how to package snaps).

Thank you for the help and information! I’ve reverted back to strict confinement and published the snap