Hmm actually after doing some testing it looks like the default AppArmor profile does allow a snap to stat a dot-file in $HOME - so it should be possible to test for the presence of ~/.kube and then prompt for this to be connected in that case. Thoughts?