What is the rule to assign confinement policies to snaps?
I want to access images in /data/Docs:
- I can do it with Blender
- I can’t with GIMP…
Why?
See the Blender snap post, having Blender strict is actually the goal. Would the removable-media interface work for you? You’d have to move /data/ to /media/ though.
Another solution would be Desktop portals, but GIMP would have to be made aware of portals.
/data is not a standard location so it’s unlikely that there will be an interface for that.
@Saviq would storing docs in the home folder also work?
Oh yeah, that’s via the home interface, and that one’s even autoconnected.
A quick workaround is to create a bind mount from /data to ~/data; that will allow you to access the files via $HOME/data/Docs for the time being.
Yes, but it is not desktop user friendly: a standard user should not have to manage mounts like that.
Why not allow an admin to add custom paths (and secured, since the admin knows them) to the allowed paths, for any snap, for every user session?
A standard user would not manage mounts at all IMO, and all mounted generic filesystems should be under /media.
Why is using /media more secure than using the original mounts directly?
I found no posts claiming /media is more secure… :-/ It’s just one of the paths defined in the File Hierarchy Standard.
BTW now /mnt is also accessible with the removable-media interface.
A concern is why we don’t support explicitly poking holes in the confinement by the superuser just like Flatpak does.
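The path rules discussed in this thread, collected into a small shell check. This is an added example, not part of any post above and not snapd's own code. It assumes the caller passes an already resolved absolute path; the function names, the sample paths and the /home/alice home directory are constructed for illustration, and /run/media and the ~/snap exclusion are details of the interfaces that the thread does not mention.

```sh
#!/bin/sh
# Added example (not from the thread). Maps an absolute path to the snap
# interface that exposes it to a strictly confined snap.
# Assumption: the path is already resolved (e.g. with realpath); this is a
# lexical check only, and file ownership is not checked.

snap_interface_for_path() {
    _path=$1
    _home=${2:-$HOME}
    _home=${_home%/}
    case "$_path" in
        /*) ;;
        *) echo "error: path must be absolute" >&2; return 2 ;;
    esac
    case "$_path/" in
        */../*|*/./*) echo "error: resolve the path first" >&2; return 2 ;;
    esac
    case "$_path" in
        /media/*|/run/media/*|/mnt/*)
            echo "removable-media" ;;   # not auto-connected, needs snap connect
        "$_home"/.*|"$_home"/snap|"$_home"/snap/*)
            echo "none" ;;              # hidden top-level entries and ~/snap are excluded from home
        "$_home"/*)
            echo "home" ;;
        *)
            echo "none" ;;              # e.g. /data: no interface for non-standard locations
    esac
}

snap_access_hint() {
    # $1 = snap name, $2 = path, $3 = home directory
    _iface=$(snap_interface_for_path "$2" "$3") || return 2
    case "$_iface" in
        home) echo "$1: reachable through the home interface" ;;
        removable-media) echo "$1: run 'sudo snap connect $1:removable-media'" ;;
        none) echo "$1: no interface covers $2; move or bind-mount it under \$HOME, /media or /mnt" ;;
    esac
}

# Constructed sample paths for a user whose home is /home/alice.
for p in /data/Docs/a.png /home/alice/data/Docs/a.png /mnt/data/Docs/a.png /home/alice/.gnupg/key; do
    snap_access_hint gimp "$p" /home/alice
done
```

The bind-mount workaround shows up here as the second sample path: the same files become reachable because confinement sees them under the home directory rather than under /data.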