access to user-selected id_rsa file in their computer to make a ssh-stunnel to connect internal net Redis instance(the id_rsa folder may not limited to~/.ssh/, depends on users)
exec user customed commands such as /bin/php /home/xxx/unseialize.php --value {VALUE} to unserialize their value in Redis (they may select ‘/bin/php’ through a file dialog, and access to their script files)
I see your latest revision is successfully published using strict confinement, is plugging ssh-keys and is setting PATH and LD_LIBRARY_PATH which looks like the best approach to get the permissions you are requesting meanwhile ensuring your snap runs with the least privileges. Can you confirm this is still not enough?
I use node to get font list, which exec fc-list to implement it, but now it cannot work well
Custom script is allowed in App, our users can customize any script and exec them like /home/qii/.nvm/versions/node/v14.18.3/bin/node xxxx.js --a --b, but now it cannot work well