Recently @maciejolesinski requested access to personal-files for git-machete (which is now still in strict confinement). Unfortunately, the users reported a couple issues with the snap, here ordered by decreasing severity:
Since git-machete calls
git mergeunderneath, I needed to bake
viminto the snap in order to provide an editor for e.g. interactive rebase TODO list or commit messages. The problem that some people tend to use a different editor than vim for that purpose and I don’t want to bake in multiple editors into the snap (alongside with requesting access to their corresponding config files like ~/.vimrc).
Some unusual problems stem from the fact the version of git invoked by git-machete and the version of git invoked directly by the user can differ - see https://firstname.lastname@example.org/T for an example.
Analogically, a version of ssh (OpenSSH) can differ between snap and host - and snap by default reads config of ssh from the host (/etc/ssh/*). If host has a newer version of OpenSSH (e.g. 8.x on Fedora 31) installed than the one provided in core18 (7.x), then ssh is basically unusable from inside the strictly confined snap. I circumvented this by changing the layout to bind /etc/ssh/ directory from snap and not from the host… but that looks to me more like a hack than a proper solution.
In your assessment - can the issues 1-3 be reasonably addressed under strict confinement without compromising the usability of the software, or do they merit a switch to classic confinement?