The ‘home’ interface currently only allows read/write, not exec. The fix would be a simple policy change, but I’m not sure it is appropriate for this interface.
@niemeyer - what are your thoughts? It is a transitional interface, and adding ‘ix’ rules would mean that anything the snap executed would inherit the snap’s security policy, so there isn’t a secure concern. That said, there is a potential usability issue when two snaps that plugs home but have otherwise different plugs will find that the same binary in the user’s home behaves differently. Eg, snap ‘foo’ plugs ‘network-observe’, ‘bar’ does not, the user has ~/bin/baz that calls ‘netstat’ which works when called from ‘foo.cmd’ but not ‘bar.cmd’.