Thanks for putting these notes in place, @mvo.
A few complements, with points we didn’t manage to clarify over our call today:
- The advantage of snap-generate-profiles (or is it snapd --generate-profiles?) compared to just generating the profiles when snapd itself starts is still a bit nebulous. Calling it externally means creating another race since that external snapd doesn’t own the data it depends upon and the main snapd may still change it.
- We need to make snap-confine wait for some amount of time and warn about it if its required profile is not yet in place. That ensures we can handle some corner cases such as updates to the kernel that happen behind the back of snapd in a classic system.
- Ideally profiles would be created and updated atomically, so that once we have a profile directory in place we know it’s complete.
- Not sure if we should use digest-keys.txt or if perhaps just key would be enough.