Improve handling of symbolic links

snapd seems to have a number of problems with symbolic links. To easily reproduce one case of this, you can do something like:

$ sudo mv /var/ /realvar
$ sudo ln -s /realvar/ /var
$ sudo snap install hello-world
hello-world 6.4 from Canonical✓ installed
$ hello-world
cannot perform operation: mount --rbind /var/snap /tmp/snap.rootfs_q3gMtv//var/snap: Permission denied

Other reports of this or very similar problems can be found:

This might need to be done on a case by case basis, but is there anything that can reasonably be done to improve the experience here? Can we make snapd handle these cases? Assuming that’s not feasible due to how snapd’s isolation works, can we improve the error messages? One idea would be to check for these kind of problems early and error out with a less cryptic error message.

We’re currently directing most of our users to install our project through snap, but a number of them have hit this problem. Any thoughts or help on improving their experience would be much appreciated.

no, it does not …

it is the kernel (or the LSM in use (apparmor)) that can not handle symlinks, snapd is just a consumer of the kernel feature here, noting can be done on a snapd level against this … to fix this, apparmor would have to be re-designed/enhanced