Give snap access to full filesystem

snapd
#1

First of all sorry if this is the wrong category I wasn’t sure whether to choose snapd or snap.

I’ve seen that you can give snaps access to your home folder. But is there a way to give a snap access to all files which the current user has permissions for?

For example, I use the /tmp folder a lot. It helps me to keep my system clean because this way I cannot forget to delete files which I probably only need once (e.g. screenshots). Because I’m the only one with access to my system I’m not worried about others accessing my files. But the issue now is, that I cannot use a snap like GIMP to edit my screenshot without copying it to my home folder first. The same is with Discord, I cannot send my file because the snap has no access to the /tmp dir.

I hope you can help me with that.
Thanks in advance!

#2

I think a better control system is needed, but a little known fact about snaps is that you can access everything that is mounted under /mnt using the removable-storage connector.

This will still not work for all snaps, but I can confirm libreoffice, gimp, most browsers etc work perfectly fine for me.

#3

beyond the removable-media trick, portals should be able to provide a graphical app access to everything the user can access (they offer a file open dialog and transparently copy the file in a place the app can access)…

but /tmp is special in snaps, confinement makes sure each snap gets its own /tmp on startup to not be able to spy on other apps data, temporary stored credentials or caches …

#5

Ok, well this decision makes sense. I’ll probably just create a tmp folder in my home directory and create a script which deletes its contents at startup.

But thanks for your answer!

#6

i’d instead make it a mountpoint and mount a tmpfs on top of it, then you can be sure it is wiped on reboots :wink:

2 Likes
#7

Stumbling upon this thread today. With snapd, apparmor and the store maintained by Canonical, why not give users an option to configure directories a snap can access via the store ? That way apparmor profiles can be generated and for those locations not files need copying around.