Request system-files & block-devices interface for visual-lvm-remote

weLees · August 27, 2021, 12:48pm

Hi, The Visual LVM is a GUI LVM manager, it need to access system files and block devices for enumerate storage devices and LVM information.
So I request the interface as reject information.

Thanks

emitorino · September 1, 2021, 8:29pm

Hey @weLees,

Which specific system files and/or directories this snap needs? I see the latest revision has:

plugs:
  enum-devices:
    interface: system-files
    read:
    - /sys/devices
    - /dev
    - /proc
    - /proc/partitions
  etc-lvm-backup:
    interface: system-files
    read:
    - /etc/lvm/backup
    - /etc
    - /etc/visual_lvm
    - /dev
    write:
    - /etc/lvm/backup
    - /etc
    - /etc/visual_lvm
    - /dev/mapper/control
    - /proc/sys/vm/drop_caches
    - /run/lock/lvm
    - /dev
  null-device:
    interface: system-files
    write:
    - /dev/nul

But some of those do not look good to me. For example, most of /proc can be achieved by plugging system-observe iface (https://github.com/snapcore/snapd/blob/61b66aaa1beb861f308ea7dd75c2f0c042bf29a3/interfaces/builtin/system_observe.go#L60) and hardware-observe should be enough for files in /sys pertaining to hardware https://github.com/snapcore/snapd/blob/master/interfaces/builtin/hardware_observe.go#L48

Then you are requesting write access to the entire /etc and /dev directories. But also listing specific files inside those as well. Do you really need such wide accesses? Also, write implies read so just keeping write is enough.

I am +1 for block-devices (as I read the previous request which contains further explanation)

alexmurray · September 10, 2021, 8:08am

@weLees ping - did you have the chance to try the suggestions above? In general the kinds of paths which you are requesting like /dev, /proc etc are not appropriate for system-files so instead you should try and find existing interfaces that provide support for these, and as suggested by @emitorino, snappy-debug should be able to help identify these.

weLees · September 10, 2021, 9:44am

Yes we are trying to access via other path, it’s difficult.

weLees · September 14, 2021, 12:39pm

We have tried best to remove interfaces, and the new submitted version is the result.
It is the least interfaces version.

emitorino · October 1, 2021, 6:36pm

I believe the discussion has now been moved to this other topic. I am updating our review queue to refer to such topic.