@jdstrand - ok that makes a lot of sense (ie. snap content is untrusted, and if we launch via gnome-session or whatever - which is trusted - then we are launching untrusted from a trusted env without necessarily enforcing sandboxing etc).
@jdstrand - ok that makes a lot of sense (ie. snap content is untrusted, and if we launch via gnome-session or whatever - which is trusted - then we are launching untrusted from a trusted env without necessarily enforcing sandboxing etc).