TL;DR Is there any supported way to mount a tmpfs filesystem within a snap in a manner that supports read/write access to applications of the same snap without sudo?
Some Background …
I have a snap with applications that require the use of an in-memory (i.e. RAM only) read/write filesystem. To address this, I am attempting to mount a tmpfs that will be user-writable to applications in the snap. I can do this with a classically confined snap, but the goal is to be able to package our applications as a strictly confined snap.
So far, I have found that I can mount a tmpfs without any problems using the mount-control interface, however, the mount-control interface only permits $SNAP_COMMON, and “/” as the start of the where parameter. The ability to start with “/” does not seem to provide a workaround because, if I provide a path like, /home/user/snap/snap_name/common/mymount, it fails to mount. That is true even with the home plug connected.
The fact that the $SNAP_COMMON directories are owned by root and the lack of support for the uid/gid parameters for tmpfs, necessitates using sudo for write access. Providing a mode=0777 during the mount also seems to get overridden by the mode mode=0x775. I don’t understand the need for this limitation when the interaction is between an application provided by the snap and its snap directories. It seems a bit unnecessary to have to run an application with elevated privileges to be able to interact with a tmpfs filesystem that the snap mounted itself.
So I am left wondering…
Is there any supported way to mount a tmpfs filesystem within a snap in a manner that supports read/write access to applications of the same snap without sudo?