cmd,client,daemon: expose "force devmode" in sysinfo

[zyga]

The GNOME software center would like to show appopriate icons if a snap
application is confined and while each snap shows its confinement
information the whole system may be unable to offer effective
confinement. This patch adds a "confinement" key to the sysinfo
interface and switches the existing "snap debug confinement" command to
use it, rather than implement the logic in the client.

Signed-off-by: Zygmunt Krynicki zygmunt.krynicki@canonical.com

[robert-ancell]

Looks good, thanks!

[chipaca]

is it really "none", or is it "only seccomp"?

[zyga]

It's none for the POV of the user. We don't want to drill down to the "this or that" details.

[Conan-Kudo]

I don't know if it's a great idea to make it like that. It's a more negative lie than the current one. Can we say something like "basic" or "full" confinement?

[zyga]

We can evolve this but I just kept the values that we have already.

[mvo5]

The latest idea was "partial" or "strict"

[robert-ancell]

This field is an enum right, rather than a free-form string? (Asking for documentation and snapd-glib implementation purposes).

[codecov-io]

Codecov Report

Merging #3542 into master will increase coverage by 0.02%.
The diff coverage is 77.77%.

@@            Coverage Diff             @@
##           master    #3542      +/-   ##
==========================================
+ Coverage    76.8%   76.83%   +0.02%     
==========================================
  Files         379      379              
  Lines       26285    26290       +5     
==========================================
+ Hits        20189    20199      +10     
+ Misses       4304     4297       -7     
- Partials     1792     1794       +2

Impacted Files	Coverage Δ
client/client.go	80.88% <ø> (ø)	⬆️
daemon/api.go	73.26% <100%> (+0.07%)	⬆️
cmd/snap/cmd_confinement.go	63.63% <60%> (+43.63%)	⬆️
cmd/snap/cmd_aliases.go	96% <0%> (+2%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b7b3789...89729aa. Read the comment docs.

[robert-ancell]

This is required for Fedora because without this change GNOME Software shows all snaps as confined. As this is not true in Fedora they want this information so snaps are correctly marked as not confined (the default for RPM packages).

[mvo5]

Looks good, but I thnk we want to tweak the wording.

[chipaca]

is it really "none", or is it "only seccomp"?

[zyga]

It's none for the POV of the user. We don't want to drill down to the "this or that" details.

[Conan-Kudo]

I don't know if it's a great idea to make it like that. It's a more negative lie than the current one. Can we say something like "basic" or "full" confinement?

[zyga]

We can evolve this but I just kept the values that we have already.

[mvo5]

The latest idea was "partial" or "strict"

[robert-ancell]

Anything blocking this other than the CI build?

[zyga]

@robert-ancell I think it's just CI now, I think tests will pass now, the Linode problem was fixed yesterday by Gustavo.

[zyga]

I fixed the tests, it should go green soon.