Thanks for all the time and effort you put into this! I’ve developed a small CLI tool that manages your audio book library. It reads metadata from the actual mp3/aax/… files and stores it in a user-defined library file.
My problem is that audio book libraries tend to be large and used by multiple users, so quite a few people I’ve talked to don’t store their libraries in their home folders but typically have some sort of “data volume”. From what I understand, arbitrary file access is impossible in strict mode, so here I am looking for another way.
arbitrary file access is not a criterion to get classic confinement granted (see the “unsupported” list on the page below)
for accessing externally mounted devices (as long as they are mounted in /mnt or /media) you can use the removable-media interface plug in your app though.
Thanks for the fast reply. Do you know if there is any way to link/mount an arbitrary folder so that it can be accessed using the removable-media or home interface? From what I understand, adding a symlink does not work because of how the confinement works? Is mounting something as a bind mount inside the home folder an option?
That way I could add a small hint to users that store files elsewhere.
yes, bind mounts work fine … though if you ask your users to bind mount you could as well just ask them to mount their disks under $HOME directly indeed …
(i’d still enable the removable-media plug for any users that simply plug in a usb disk with their audio books since that will make it work without tinkering)
From what I understand snaps can only access ~/snap/fbrary/... by default.
Is it reasonable to ask for the home interface to be able to read the home folder? And am I right in assuming that the home interface only allows read access?
correct, snaps can only access files under ~/snap/<snapname>/current|common (and their equivalent in /var/snap/<snapname> for services) if there are no interface plugs defined.
there is no need to ask for anything when using the home interface. on classic systems it always auto-connects … the home interface allows full RW access to any non-hidden file or dir in $HOME …
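
The setup described in the replies above, written out as a `snapcraft.yaml` fragment. This is an added example, not part of the original thread or the fbrary project's own packaging; the `command` path and the paths in the comments are assumptions.

```yaml
# snapcraft.yaml (fragment): strict confinement with the two plugs from the thread
name: fbrary
confinement: strict          # no classic confinement request needed

apps:
  fbrary:
    command: bin/fbrary      # assumed install path of the CLI binary
    plugs:
      # Read/write access to non-hidden files and dirs in $HOME.
      # Auto-connects on classic systems, as stated in the reply above.
      - home
      # Access to disks mounted under /mnt or /media.
      # Under snapd's default policy this plug is not auto-connected;
      # the user connects it once after installing:
      #   sudo snap connect fbrary:removable-media
      - removable-media

# Without any plugs the snap only sees ~/snap/fbrary/current|common.
#
# For a library on a "data volume" elsewhere, the user can bind mount it
# into a non-hidden directory in $HOME (constructed example paths):
#   sudo mount --bind /srv/audiobooks "$HOME/audiobooks"
# A symlink to the same location is not followed through the confinement.
```

`snap connections fbrary` lists which of the declared plugs are actually connected on a given machine.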
Thank you for your patience. I have yet to ask again
I do not really want to use classic confinement. So if I use strict can I still read/write to the home folder using the home interface? I am unsure because
only talks about “access” and only lists options for reading all files. It seems to me that I would need to define read: all as well as write: all if I want to read files and write metadata changes back to the files.