Hi, This is an architectural snappy question where I have one use case, but have seen others mention similar issues which may be related. Perhaps they could speak up also with their requirements.
With regards to https://code.launchpad.net/~popey/ubuntu-terminal-app/add-snapcraft-config/+merge/305206 http://people.canonical.com/~alan/ubuntu-terminal-app_0.7.207_amd64.snap I made the above merge and snap to test out the phone terminal app on the desktop as a snap, for possible inclusion in the store. The goal being that people can install it on a Unity8 snap-only system. But, it's a bit useless in its current form, due in part to our confinement and store policies. In the click store (on the phone) the app is unconfined, so can access files/programs outside of the click. If I set confinement to be 'strict' then I can put it in the stable store, but you can't actually run any non-built-in things (like ssh, top), making it unusable for most people. If I make it use the 'devmode' confinement policy then it (as I understand it) *cannot* go into the stable store (by policy), but can execute external commands in the core. However, it can't be used to launch other executables in other snaps, making it somewhat useless on a snap-only system with other tools installed. I don't believe this to be unique to this terminal, nor desktop/graphical apps, other snap-packaged terminals (and file managers & other system level things) may have the same issue. How do we we resolve this? Do we request a security exception & code audit? Is there some other planned interface for these kinds of 'expert' apps which need to reach outside of their confinement? Cheers, -- Alan Pope Community Manager Canonical - Ubuntu Engineering and Services +44 (0) 7973 620 164 alan.p...@canonical.com http://ubuntu.com/ -- Snapcraft mailing list Snapcraft@lists.snapcraft.io Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
