While I think it is correct to discuss this as a candidate for classic (thanks @alexmurray), it is still not clear to me why it must be classic. In terms of ~/.config/*, while it might be inconvenient to enumerate all the directories for the clouds kontena supports, that is not typically a justification for classic confinement in and of itself.
I read the other topic for personal-files; can you comment on this statement: “The problem is that kubeconfig files can execute arbitrary binary with arbitrary cloud credentials to acquire authentication token/certificates. If kontena-lens cannot access those then it does not work at all from user perspective.”
If we take out ‘arbitrary cloud credentials’ since it is possible to enumerate the locations of cloud providers (see above), can you detail typical use cases for executing an “arbitrary binary”?
How is kontena driven to use these binaries? Ie, is it something like remote management or is it something that the user/admin of the system drives?