Wisdom request. Is there a service for interfaces?

store-requests
1

Hi, I don’t have enough experience with snaps and … this is not a request for approving a connection.

This Category seems to be the appropriate place to ask or having a thread about why an interface has been granted by default. Right?

So, I have read enough but I’m still not clear given that my experience is a little behind me.

Q: When an interface has been voted to not-connect-automatically, my snap should request the connection, I don’t understand that workflow.

Is the snap able to talk to a service which prompts the user about it? What is its name? sudo :smiley:

When launching a command such as snap connect X:Y the authorization is handled for me, I don’t need to sudo because it takes place transparently with a modal window. So I guess this is something I can do from the snap, “poke a hole in the sandbox and call for room services” (because the user is the manager). Please confirm

The other option could be tell the user what is required and move on with the next routine or finish.

Q: In case the snap can raise the request, then why is the browser connecting to the interface automatically?

It came with the release of the distribution (as it always does) but things have changed in the last years and the browser can now be unplugged from the interface.

(TL;DR | Out of main subject: You will have to use the command line for Firefox but that’s it, you can do it. Is that because it came included by default, snap-store will not interfere and grant all instead ??)

The browser asks, exclusively, for denied or temporary/permanent approval when it needs to use microphone/camera. Aren’t we following the same goals? This may apply just to snaps but still, Mozilla have always been a step forward, maybe it is too soon to say that this is unusual.

I did my best with the format and there isn’t much left I can do. This question is too long because one of the questions is an opinion.

Maybe the off-topic needs some additional screenshots to make my point (off-topic) that is not clear if it is a bug or the interfaces can be changed just from the terminal intentionally

Screenshot from 2023-06-08 10-11-06
Screenshot from 2023-06-08 10-11-06958×128 12.8 KB
Screenshot from 2023-06-08 10-11-21
Screenshot from 2023-06-08 10-11-21958×128 24.2 KB
Screenshot from 2023-06-08 10-05-55

2

Unfortunately there is no easy mechanism yet to allow a snap to request that the user connect a given interface (hopefully the AppArmor promting work that is currently in progress will enable this but the UX is still under development so I am not certain it will support this use-case - perhaps @mvo can comment more on this).

In the meantime, a snap is able to use a combination of the snapctl is-connected $interface (where $interface is a placeholder for the given interface name in question, say audio-record or camera to fit with your firefox example) and then if this fails (ie exit status 1) then the snap can know the interface is not connected and proceed to present some kind of prompt to the user to ask them to connect the interface manually, using something like zenity. Assuming your snap plugs the desktop interface, and the user chooses to connect the interface, you could run xdg-open snap://$SNAP_INSTANCE_NAME which should then open the snap-store (on default Ubuntu desktop) with the page of the snap in question, and the user can then just click Permissions to connect the interface.

2 Likes