Synchrorep need classic confinement


Synchrorep need classic confinement in order to install a nautilus extension.


The requirements are understood in that classic is needed to install a nautilus extension, but it is possible for snapd to be extended to install nautilus extensions and for them to run under confinement.

@sebk69 - what is the standard packaging for a nautilus extension?

@pedronis - this seems like a candidate for classic, though it is a new use case. Can you comment?


Nautilus extensions typically reside in /usr/share/ in a directory name something like nautilus-foo or foo-nautilus. Similarly that can also be installed in ~/.local/share/


@pedronis can you please take a look at @jdstrand’s question above?


@jdstrand @alexmurray in general I wonder if snaps are a good choice to package extensions to non-confined software if it means they need to be classic to work at all in that role


@pedronis - this is a good question - we also have a similar request over in Yaru dartk theme toggle review request - in both cases we have software that wishes to make itself available (as a plugin/extension etc) to existing software installed on the host system - so classic is the only possible solution we have to this problem - and I agree that this does not really fit with the snap model. In particular the way these applications on the host system support plugins as files within a well-known location makes this hard to support with snaps.

The most similar thing that I am aware of which we have tried to support like this is GNOME Shell Search Providers - but in this case we are exposing a D-Bus interface and allowing snaps to use that interface to register themselves as providers - so for the case of these plugin type applications we would either need to provide something similar (ie a well known D-Bus or other API which snaps could plug and then use to register themselves - and this might in the background create the appropriate plugin file on disk etc for the host application). However I can see this having it’s own issues around API stability etc between the host application and the plugins which we then create via this proxy interface.

So in summary I tend to agree we can’t really support this use-case well with snaps as it currently stands, however even given this I am not sure that classic confinement is an appropriate solution due to the large amount of unexpected authority which this grants.