Hello,
I would like to request classic confinement for my package ls-go.
Similar to the classic ls command, it is a CLI tool for listing files and directories. It therefore needs read access to the entire filesystem.
Thanks for reviewing.
Hi @acarl005 thanks for the request. With the review classic snaps, we require that the request fit into one of the supported categories (see here). Could you please identify if ls-go fits within any of those categories?
Alternatively, it looks like this snap would be a good case to use the system-backup interface which provides read-only access to the system via /var/lib/snapd/hostfs.
Hi @cav
hm… Can you help me understand how I would use this system-backup interface? Should I have my program detect if it is running as a snap, say by checking for one of snap’s env vars like $SNAP_NAME, and if it is, prefixing all filesystem paths with /var/lib/snapd/hostfs?
The way you described there sounds good. There is a recent forum post that links to a snap that uses this interface which might help as well: Request for classic confinement approval for snap ltext
Another option, if you don’t want to do the environment variable check, would be use the override build command in your snapcraft yaml and patch the source (at snap build time) to prepend that path. That way the runtime code on your non-snap versions wouldn’t have to do the env checking.
Hey @acarl005, as an update, the review team had more of a discussion on the intended purpose of the system-backup interface and we backtracked on the what I have said before (see this update on the forum topic I linked before here).
Essentially, the discussion concluded that system-backup should really be used for system backups rather than general purpose use. Apologies for the confusion before.
In regards to the classic confinement request, I have had a look at some similar cases to do with file manager snaps (which ls-go would align with) requesting classic and we (reviewers and snap architect) came to the conclusion that file manager type snaps won’t be granted classic. For some added context here is a forum topic that discusses this: Classic confinement request: System G.
Again, sorry for the flip flopping on this.
Thanks for the explanation. If I can’t use the system-backup interface, and I also can’t get classic confinement, I don’t think there’s any way for me to distribute my package as a snap. Is there anything I can do?
What you can do is continue to use the system-backup interface, but from the reviewer side of things, we can’t grant auto connection to it. This would mean users have would have to manually connect to if they wanted this functionality in the snap.