For an interface I'm writing, I need to create a bind mount under
$XDG_RUNTIME_DIR. At present, I don't see a way to implement this, since the
Dir members of the
mount.Entry seem to be treated as plain strings with no chance to substitute any per-user data.
For my particular use case, I have the following constraints:
- The source and destination of the bind mount are in user-specific directories under
- The source directory will not persist past the end of the user's session(s), so the bind mounts shouldn't either.
While this could still be handled by a single mount namespace shared by instances of the app run by different users, it would probably be non-trivial to manage: when the second user runs the program it'd need to add a new bind mount to the existing namespace, and when users exit the program the bind mount would need to be removed.
There also seems to be some other road blocks here. Since I couldn't rely on any variable expansion, I tried hard coding the path
/run/user/1000, which should work for the first user on the system. When I tried to run an app using the interface, I got the following error:
$ snap run file-roller
cannot perform operation: mount --bind -o ro,nosuid,nodev /run/user/1000/doc/by-app/snap.pkg.file-roller /run/user/1000/doc: Permission denied
This source path definitely exists outside the sandbox, so I'm not sure why there is a permission denied error.