We recently added the capability to specify custom config files as cli arguments in to the UBports Installer. Nothing special, the user would just run something like
my-cool-snap -i ./path/to/file and the snap would read it. This of course will not work in strict confinement. I guess one way around it would be to use the
home plug, but that gives the snap way more permissions than it actually needs. I can’t imagine i’m the only one with this usecase, but i could not find anything about it. Excuse my naive question, but would it be possible to only grant the snap permissions to read (or also write, as that might be useful for some others usecases) to paths specified when launching the snap?
We put in some hours to get the Installer to work with strict confinement, so i really don’t want to go back to classic. Worst case we’ll just disable the input file option for the snap, as it’s mostly needed for developers.