System level tool requiring access to /sys and /dev

Hi Team, I am trying to register my app ‘bcachectl’ in the snap store. I requested classic confinement but was rejected.

It was suggested to me in the linked post to contact snapd team to discuss.

The app is a low level system cli tool that needs to read+write /sys and /dev with the actual location unknown at invocation time (it is dependent on devices available on the host, and also new bcache devices/locations are created as the tool is used).

How do you suggest I achieve this without classic confinement?

You should start with creating a PR against snapd to create a new interface for bcachefs (i.e. bcachefs-control) … since you do not know the exact paths but should know the file names you want to access, it should have proper wildcard pattern matching for the respective files you want to access…

It may or may not be of any use to you @rafalop but I captured the process I followed when building an interface in this github gist

1 Like

Thanks guys, I’ll give this a try see how it goes.

This saved me! Seriously I have been searching for this everywhere