move interface-specific OS mounts to interface.SecurityMounts
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Snappy | Won't Fix | Medium | Jamie Strandboge | |
snap-confine | Won't Fix | Medium | Jamie Strandboge | |
Bug Description
From: https:/
"Since I've been looking at interfaces in support of bcc, I looked into this and agree this should be handled in the interfaces for a proper solution. One way to do this would be to allow the .fstab parsing to allow OS/classic mounts somehow instead of just snap mounts, then interfaces could declare what OS/classic mounts to add instead of hard-coding them in snap-confine.
More concretely, rather than unconditionally bind mounting /var/log in snap-confine, the log-observe interface would add an entry to .fstab on interface connect. In this manner, only the snaps that are connected to log-observe get the additional bind mount, which is a cleaner runtime and easier to maintain. The same could be done with /usr/src."
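A sketch of the design proposed in the description, added here as an illustration and not snapd or snap-confine code: each interface declares its OS mounts, and a snap's mount profile is built only from the interfaces it is connected to. The `MountEntry` type, the `securityMounts` table, `FstabFor`, the `src-observe` interface name and the `bind,ro` options are assumptions; only `log-observe`, `/var/log` and `/usr/src` come from the bug text.

```go
package main

import (
	"fmt"
	"path"
	"sort"
	"strings"
)

// MountEntry models one fstab line; the type and its fields are hypothetical.
type MountEntry struct{ Source, Target, Options string }

func (e MountEntry) String() string { return e.Source + " " + e.Target + " none " + e.Options + " 0 0" }

// securityMounts lists the OS/classic mounts each interface declares.
// "src-observe" and the read-only bind options are assumptions of this sketch.
var securityMounts = map[string][]MountEntry{
	"log-observe": {{Source: "/var/log", Target: "/var/log", Options: "bind,ro"}},
	"src-observe": {{Source: "/usr/src", Target: "/usr/src", Options: "bind,ro"}},
}

// validPath rejects relative paths, ".." components and characters that
// would split or escape an fstab field.
func validPath(p string) bool {
	return path.IsAbs(p) && path.Clean(p) == p && !strings.ContainsAny(p, " \t\n\\")
}

// FstabFor builds a snap's mount profile from its connected interfaces only,
// so a snap without log-observe never receives the /var/log bind mount.
func FstabFor(connected []string) (string, error) {
	seen := map[string]bool{}
	for _, iface := range connected {
		for _, e := range securityMounts[iface] {
			if !validPath(e.Source) || !validPath(e.Target) {
				return "", fmt.Errorf("interface %s: unsafe mount entry %q", iface, e)
			}
			seen[e.String()] = true // de-duplicate repeated connections
		}
	}
	lines := make([]string, 0, len(seen))
	for l := range seen {
		lines = append(lines, l+"\n")
	}
	sort.Strings(lines) // deterministic profile, easy to diff and audit
	return strings.Join(lines, ""), nil
}

func main() {
	fmt.Println(FstabFor([]string{"network", "log-observe"}))
}
```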
Changed in snap-confine:
status: New → Triaged
importance: Undecided → Medium
assignee: nobody → Jamie Strandboge (jdstrand)
I'm closing this since there are a bunch of upcoming changes to the mount code. Perhaps we can revisit it in the future.