I started decomposing that branch and landing small and simple chunks. I will get to the most important and essential change soon. Hopefully this will all be merged in a day or two.
After a lot of review and redesign, the first version of this feature is in snapd master now:
https://github.com/snapcore/snapd/commit/96990385aae8113605085efc1b81c0db72a3eb22
Among other things this involved coming up with a new way to securely perform bind mounts on directories controlled by the user, which I wrote up here:
https://blogs.gnome.org/jamesh/2018/04/19/secure-mounts/
The next step is to use this infrastructure to enable access to xdg-document-portal in the desktop interface, which is a prerequisite to use most of the interesting features of xdg-desktop-portal.
1 Like