Typora allows users to run custom scripts to export files, upload images, etc. So we want to have read and execute access to /usr/bin and /usr/local/bin, and therefore added the system-files plug for this purpose. Please review it.
system-files does not provide execute access - so this is not possible. The only way to have a snap execute binaries already present on the host system is via classic confinement - however a snap must be granted an exception to use this by following the Process for reviewing classic confinement snaps - also note that there are a number of downsides to using classic confinement as well:
classic snaps can be brittle since they run in the global mount namespace as opposed to the strict/devmode runtime environment whose rootfs is a base snap. While the snap is built with a base in mind, its binaries or environment variables are adjusted to point into the snap where the host's filesystem is fully available, which can lead to problems cross-distro, running host commands with the environment variables set, etc.
classic confinement is not available on Ubuntu Core and therefore the snap would be unavailable to all-snaps devices.
system-files does not provide execute access - so this is not possible.
Do you have plans to support execute access for snap apps? I think that would be useful. And system-files already provides "write" access, which would be even stronger than "execute" in some way.
users must specify --classic when using snap install to install a snap using classic confinement
If a user installs without the --classic flag, does it mean the snap is successfully installed in non-classic mode? And what if we already have some users, can they upgrade to the classic mode version successfully?
well, nobody would ever grant you write access to /usr/bin, this is why the human review process exists
no, snapd will simply refuse to install this snap … classic is a build-time thing, if a snap is built for classic the user needs to explicitly grant that full and insecure access at install time, this is why the switch exists …
No there are no plans to support execute for existing binaries on the system - a snap instead should either ship the various binaries it requires or perhaps use the Process for reviewing classic confinement snaps to request classic confinement.
Because classic confinement removes all confinement from the snap, users will not be automatically upgraded to this version - instead they would have to manually refresh the snap (snap refresh --classic typora or similar) so they can opt in to this reduction in security.
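To make the two options discussed in this thread concrete, here is an added example snapcraft.yaml (written for this page, not the Typora project's own packaging, and not posted by anyone in the thread). It shows the strict-confinement route recommended above: the snap ships the helper binary it needs as a stage-package instead of executing the host's copy, and the system-files plug is limited to read access on the host directories, since the interface grants no execute permission. The part name, source path, the choice of pandoc as the shipped helper, and the plug name usr-bin-read are assumptions made for illustration.

```yaml
# Added example, not from the original thread. Strict confinement variant:
# ship the binaries the app needs rather than executing the host's /usr/bin.
name: typora
base: core18
version: '0.9'
summary: Markdown editor (example packaging)
description: Example snapcraft.yaml illustrating strict vs classic confinement.
grade: stable
confinement: strict        # for classic, this line would read: confinement: classic
                           # and the system-files plug below would be dropped,
                           # since a classic snap already sees the whole host.

parts:
  typora:
    plugin: dump
    source: ./typora       # assumed: unpacked upstream release directory
    stage-packages:
      - pandoc             # assumed helper; staged so it is executed from inside the snap

apps:
  typora:
    command: typora
    plugs:
      - home
      - network
      - usr-bin-read       # read-only visibility of host dirs; still no execute

# system-files only understands `read` and `write` path lists; there is no
# `execute`, which is the limitation the reviewer points out in the thread.
plugs:
  usr-bin-read:
    interface: system-files
    read:
      - /usr/bin
      - /usr/local/bin
```

With confinement: strict the snap installs with a plain snap install; with confinement: classic, snapd refuses the install unless the user passes --classic, and, as noted in the reply above, existing strict installs are not refreshed to the classic build until the user runs snap refresh --classic on it. Note that system-files connections are not auto-connected by default and themselves go through store review.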