Is it possible to have full hard drive access with a snap?

As I understand it, a snap has to declare which interfaces it needs access to and it is confined to those.

Looking at: https://developer.ubuntu.com/en/snappy/guides/interfaces/ there is no option for full system access.

I can appreciate that the secure confinement is very important, but I am looking to use snaps as an easy distribution mechanism for duplicity backup, which needs to be able to read all system files to back them up and write access to wherever the user wants the archive files saved.

I know that this is not the primary use case for snaps, but now that they can be used on multiple distributions and solve dependency issues, I'm exploring the idea as an alternative to having to generate all the different variants of our package.

Would we be able to bend snaps to our will, or is the format not really suitable for things that need that much access?


Solution 1:

Yes, what you want is an interface that grants full access to a disk, and it's reasonable for such an interface to exist. It would not be an auto-connecting interface, in that either the user or the person who makes a device with the snap would need to explicitly tell the snap system to allow that connection to take place, but the interface itself is a reasonable request.

If you're game I'd suggest you work up a patch for snapd which we will shepherd into the code.

Solution 2:

Since I posted my question, Snapcraft has gained a new confinement option: "classic".

From: https://docs.snapcraft.io/snap-confinement

Classic: Allows access to your system’s resources in much the same way traditional packages do. To safeguard against abuse, publishing a classic snap requires manual approval, and installation requires the --classic command line argument.

Duplicity now has classic confinement approved and we have started building snaps in that way.

(See also: https://github.com/snapcore/snapd/pull/6436 which is about potentially adding a new interface for backup applications that only require read access to the whole filesystem.)
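
Because a classic snap gets access comparable to a traditional package, it helps to know which installed snaps are not strictly confined. The script below is an added example, not part of the original question or answers: it filters the table printed by `snap list` on its Notes column. The sample table, snap names and publisher names in it are constructed.

```shell
#!/bin/sh
# Added example: list installed snaps that are not strictly confined.
# Input is the table printed by `snap list`; its last column ("Notes")
# carries comma-separated flags such as classic, devmode or disabled.

# Constructed sample of `snap list` output (names and versions are made up).
sample_snap_list() {
cat <<'EOF'
Name       Version   Rev   Tracking       Publisher    Notes
core18     20200724  1885  latest/stable  canonical    base
duplicity  0.8.15    100   latest/stable  example-pub  classic
hello      2.10      38    latest/stable  canonical    -
devtool    1.2       7     latest/edge    example-pub  devmode
oldsnap    3.0       12    latest/stable  example-pub  disabled,classic
EOF
}

# Print "<name> <mode>" for every snap whose Notes include classic or devmode.
# Reads the `snap list` table on stdin and skips the header row.
unconfined_snaps() {
    awk 'NR > 1 {
        n = split($NF, flags, ",")
        for (i = 1; i <= n; i++)
            if (flags[i] == "classic" || flags[i] == "devmode")
                print $1, flags[i]
    }'
}

# On a real system: snap list | unconfined_snaps
sample_snap_list | unconfined_snaps
```
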