Read-only access to binaries within app


Hi –

Trying to snap a GTK app. One of the features of the app is that it allows a user to choose a binary to edit a file within the project. (E.g. /usr/bin/gvim ~/project/foo.txt, /usr/bin/gedit ~/project/foo.txt).

When I run my snap, I’m not allowed to see /usr/bin/gedit because of strict confinement, which I get. When I use classic confinement everything seems to work.

Just wanted to check to see if there was a way to access read-only binaries in /usr/bin that I didn’t explicitly include in my snap as dependencies without requiring classic confinement.

(Graham pointed me at this: Missing commands in /usr/bin, which seems to indicate that no, classic confinement is necessary in my case – thanks, Graham!).



Set the xdg-open command to let snapd use the user default application to open a file

Filezilla can't access certain binaries with strict confinement

This is an interesting idea but I’m not sure it works for my app, at least as I understand xdg-open/mime.

My app is designed to help writers manage long-form drafts in the form of many markdown documents. The app they choose to open those files for editing wouldn’t necessarily match what they choose for editing markdown globally.

For example, if I spend the vast majority of my time editing technical documents as markdown in gvim (and therefore have text/markdown set to open with gvim by default), I might want to use a different markdown editor like Typora when I’m editing a novel without changing anything globally.


This is the same functionality that came up here: Classic confinement request: draftman.