Requesting classic mode for guardata

Hi, I run BitLogiK, a small digital security company, we want to release the guardata client on Snap.

The guardata client app is made to manage and access the user cloud secure sync storage. Guardata is mounting a virtual drive for each shared workspace, this is done through the use of Fuse. That requires classic “confined” mode, as the standard sandbox doesn’t allow guardata to run correctly.

Thanks,

Any update on our query from August 30th ?
We received a rejection in the snapcraft store on Sept. 7th, because we were required to “make a request in the forum by following the process outlined in Process for reviewing classic confinement snaps”. We replied on 9 that we did it as it was requested with a link to this request. So far, not a single response (not here, not on Snapcraft store).

Hey @bitlogik ,

Apologize for the late response. Have you tried plugging the fuse-support interface? If not, you can take a look at the interface documentation as well as this discussion about the use of the interface. You can use snappy-debug to get suggestions/understand denials. If you run into problems, feel free to post the snappy-debug output here along with your questions and we are happy to help.

If you can make your snap work with this interface, it could be made strict (and therefore enjoy all the benefits of a stable runtime environment). Please remember classic snaps are not installable on Ubuntu Core devices and also run in the global mount namespace, which means great care must be taken for the snap to work reliably across distributions.

We appreciate and understand that you want to protect the users and you’re careful about security. In our case, there are a couple of things in various domains that make the classic mode required and why we are requested this.

Guardata users can have multiple mount points (many workspaces, plus time machine mounting), and select which ones are mounted, mount/unmount with a single click on a slider from the GUI. This uses extensively fusermount and unmount. This is not supported by fuse-support. At this point, after reviewing the fuse-support module, we expect guardata can’t run with this snap interface because of this.

Adapt to use the strict mode, would require some changes in the existing app, detecting that the app is used in snap, for example mount in the SNAP_USER_DATA directory. Our app can run on multiple platforms (Windows, MacOSX, Linux), and this is like Snap will be one more OS. It would require engineering time. Adaptation is even pointless as, explained in the previous paragraph, we think it is not even possible to run in strict mode.

Our app already benefits of great care to work reliably across many distributions (Python 3.6-3.8, Ubuntu 16 18 20). Also it is fully in Python so the portability issue is eased by Python. We already continuously test and make available the app (as Python wheel pip) on various Linux platforms. The snap store app is a way to make it an easy way for Ubuntu users to install the app.

Guardata is a fork from the Parsec system (in which we are also an official contributor through an signed mutual agreement), which is available on the snap store as a classic mode app.

We are a security company, and we are committed to provide the most secure experience for our customers, protecting their data and not to harm their machine. We have Apple developer ID certificates for Mac ans iOS for years, and an EV code certificate on Windows. We would bring the same level of quality to the snap store.

Thanks for the additional information. Your comments on fusermount and the fact that guardata is a fork of parsec indicate this should be classic. The requirements are understood. @advocacy - can you please perform the vetting?

I have verified the publisher, +1 from me.

Granting use of classic. This is now live.