move interface-specific OS mounts to interface.SecurityMounts
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Snappy |
Won't Fix
|
Medium
|
Jamie Strandboge | ||
| snap-confine |
Won't Fix
|
Medium
|
Jamie Strandboge | ||
Bug Description
From: https:/
"Since I've been looking at interfaces in support of bcc, I looked into this and agree this should be handled in the interfaces for a proper solution. One way to do this would be to allow the .fstab parsing to allow OS/classic mounts somehow instead of just snap mounts, then interfaces could declare what OS/classic mounts to add instead of hard-coding them in snap-confine.
More concretely, rather than unconditionally bind mounting /var/log in snap-confine, the log-observe interface would add an entry to .fstab on interface connect. In this manner, only the snaps that are connected to log-observe get the additional bind mount, which is a cleaner runtime and easier to maintain. The same could be done with /usr/src."
| Changed in snap-confine: | |
| status: | New → Triaged |
| importance: | Undecided → Medium |
| assignee: | nobody → Jamie Strandboge (jdstrand) |
| Jamie Strandboge (jdstrand) wrote | #1 |
| Changed in snappy: | |
| status: | Triaged → Won't Fix |
| Changed in snap-confine: | |
| status: | Triaged → Won't Fix |
I'm closing this since there are a bunch of upcoming changes to the mount code. Perhaps we can revisit it in the future.