Application can't see /media in file browser

Portals is the most correct answer. When we have portals support we have the opportunity to do LD_PRELOAD to make file dialogs from the major toolkits use the portals file chooser.

However in this particular case, we can do better. There are a few directories that are not allowed now:

  • /home
  • /
  • /media

Giving read access to each of the above is a minor information leak. For /home and /media, it is leaking the users on the system. However, the default profile already allows access to /etc/passwd and getent, so the information is already available to the snap. ‘/’ is a minor information leak at best. Oftentimes denials on ‘/’ indicate applications are doing the wrong thing and starting at ‘/’ and descending down into /usr/lib/…/foo/bar. In this case, it would make sense to go from /home/foo -> /home -> / -> /media -> /media/foo -> /media/foo/content (though I would argue for a smarter file chooser here since that UX is terrible-- you have to know things are in /media/foo/content to begin with), so I think allowing ‘/’ in the removable-media interface makes sense. I’ll make these adjustments.

UPDATE: I would also add /media to removable-media and /home and ‘/’ to the default