This directory needs to be somewhere that the client snap has access to, the client snap will not be cups
(well except in the case of cups test utilities, but that’s a special case and can easily be handled separately), so it will not have access to /var/snap/cups
. The directory you provided is the source of the bind mount, here I’m asking about the destination of the bind mount, i.e. somewhere in the foo
snap that firefox would use to do printing things, the foo
snap can only access /var/snap/foo/common
, it cannot access /var/snap/cups/common
, but using the bind mount we could put the cups snap socket inside the foo
snap somewhere like /var/cups-snap/cups.sock
that doesn’t conflict with anything else, and also the cups
interface provides the necessary policy snippets to allow foo
to access /var/cups-snap/cups.sock
.
Unfortunately, currently in snapd only the content interface is allowed to be used with default-provider
, however we may expand this policy, but expanding that policy I think will take a bit longer than the time to just change the cups
interface, so this content interface is a short-term workaround as we enable default-provider for other interfaces like cups
.