<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    El 27/12/16 a las 14:18, Alberto Donato escribió:<br>
    <blockquote
cite="mid:CAEECqw_2oF2S-7-pa8X93xv6vARitotWAWmiYhA3H_73OZqebw@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div class="gmail_extra">
          <div class="gmail_quote">On Thu, Dec 22, 2016 at 11:14 PM,
            Sergio Schvezov <span dir="ltr"><<a
                moz-do-not-send="true"
                href="mailto:sergio.schvezov@canonical.com"
                target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:sergio.schvezov@canonical.com">sergio.schvezov@canonical.com</a></a>></span>
            wrote:<br>
            <blockquote class="gmail_quote" style="margin:0 0 0
              .8ex;border-left:1px #ccc solid;padding-left:1ex">
              <div dir="auto"><span class="">
                  <div><br>
                    <div class="gmail_extra"><br>
                      <div class="gmail_quote">El 19 dic. 2016 11:11 AM,
                        "Alberto Donato" <<a moz-do-not-send="true"
                          href="mailto:alberto.donato@canonical.com"
                          target="_blank">alberto.donato@canonical.com</a>>
                        escribió:<br type="attribution">
                        <blockquote class="m_-5132445674291611528quote"
                          style="margin:0 0 0 .8ex;border-left:1px #ccc
                          solid;padding-left:1ex">
                          <div dir="ltr">Hi,
                            <div><br>
                            </div>
                            <div>I'm trying to create a snap for
                              sshuttle, the ssh-based VPN app.</div>
                            <div>One of its components (the firewall
                              manager) needs to either be run as root,
                              or use su/sudo to be able to configure
                              firewall rules.</div>
                            <div><br>
                            </div>
                            <div>The app uses an "if os.getuid() != 0"
                              to check whether it can run.<br
                                clear="all">
                            </div>
                            <div><br>
                            </div>
                            <div>Is there any way to get it to work
                              inside a snap?</div>
                          </div>
                        </blockquote>
                      </div>
                    </div>
                  </div>
                  <div dir="auto"><br>
                  </div>
                </span>
                <div dir="auto">Doesn't putting sudo in front of your
                  command do the trick?</div>
              </div>
            </blockquote>
            <div><br>
            </div>
            <div>Well that might work, but it would run all sshuttle
              components as root, while the application is designed to
              run just the firewall part as root.</div>
            <div>I'd like to preserve this behavior.</div>
            <div>My question, in general, is whether it's possible to
              set up sudo within a snap confinement so that certain
              commands can be run as root.<br>
            </div>
          </div>
        </div>
      </div>
    </blockquote>
    <br>
    `classic` confinement can give you this. Other mechanisms might be
    tricky: on a classic the sudoers rules checked would be that of the
    core and not the one on your classic system whilst on a pure snap
    system (Ubuntu Core), iirc, you cannot modify the sudoers file.<br>
    <br>
  </body>
</html>