'Unconfined' apps

[Alan Pope]

Hi,

This is an architectural snappy question where I have one use case,
but have seen others mention similar issues which may be related.
Perhaps they could speak up also with their requirements.

With regards to
https://code.launchpad.net/~popey/ubuntu-terminal-app/add-snapcraft-config/+merge/305206

http://people.canonical.com/~alan/ubuntu-terminal-app_0.7.207_amd64.snap

I made the above merge and snap to test out the phone terminal app on
the desktop as a snap, for possible inclusion in the store. The goal
being that people can install it on a Unity8 snap-only system.

But, it's a bit useless in its current form, due in part to our
confinement and store policies. In the click store (on the phone) the
app is unconfined, so can access files/programs outside of the click.

If I set confinement to be 'strict' then I can put it in the stable
store, but you can't actually run any non-built-in things (like ssh,
top), making it unusable for most people.

If I make it use the 'devmode' confinement policy then it (as I
understand it) *cannot* go into the stable store (by policy), but can
execute external commands in the core. However, it can't be used to
launch other executables in other snaps, making it somewhat useless on
a snap-only system with other tools installed.

I don't believe this to be unique to this terminal, nor
desktop/graphical apps, other snap-packaged terminals (and file
managers & other system level things) may have the same issue.

How do we we resolve this? Do we request a security exception & code audit?
Is there some other planned interface for these kinds of 'expert' apps
which need to reach outside of their confinement?

Cheers,
-- 
Alan Pope
Community Manager

Canonical - Ubuntu Engineering and Services
+44 (0) 7973 620 164
alan.pope at canonical.com
http://ubuntu.com/