For my tfswitch application, I need access for my application to read and write to $HOME/bin.
What is tfswitch?
The tfswitch command line tool lets you switch between different versions of terraform.
If you do not have a particular version of terraform installed, tfswitch will download the version you desire.
The installation is minimal and easy.
Once installed, simply select the version you require from the dropdown and start using terraform.
I see you could achieve your needs by plugging personal-files, but it does not look like the correct approach. The personal-files interface is typically used to provide read-only access to top-level hidden data directories within a user’s real home directory in order to support importing data from existing applications where the snap is the clear owner of the target directory.
Have you explored the possibility of shipping the desired terraform versions into your snap instead? (i.e., add to stage-packages (if needed you can add apt repositories), or even build from source?)
I tried the method you suggested but snap has no write access to /home/ubuntu/bin (~/bin).
What I am trying to do is create a symlink /home/ubuntu/bin/terraform -> /home/ubuntu/snap/tfswitch/common/.terraform.versions/terraform_1.0.3
Here’s my syntax:
Is it possible you could do without the home interface and just use personal-files in this instance?
I’m not an expert here, but my assumption would be that an explicit denial is stronger than an explicit allow. Since the denial comes from the home interface itself, if you do without it, then the personal-files interface might work on the basis it’s an explicit allow that’s more specific than the usual base policy.
Obviously this is a solution that I wouldn’t be suggesting for any generic application because it’s cutting you off from the rest of $HOME (apart from $SNAP_USER_COMMON and $SNAP_USER_DATA), but having briefly read your requirements, maybe it’s good enough here?
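AppArmor applies deny rules ahead of allow rules, so the precedence question raised above can be checked against the profile text snapd generated for the snap. The following is an added example, not part of the thread: it lists the rules that name `@{HOME}/bin` and reports whether a deny is among them. The sample profile lines are constructed, and the profile location and the app name `tfswitch` in the comments are assumptions.

```shell
#!/bin/sh
# Added example: find AppArmor rules in a snap profile that name a path.
# This is a literal text search, not a policy evaluation: broader globs such
# as @{HOME}/** also cover the path but are not reported.
# Assumed real input: /var/lib/snapd/apparmor/profiles/snap.tfswitch.tfswitch

# Constructed sample profile lines, not copied from a real system.
sample_profile() {
cat <<'EOF'
  # rules of the kind a home-style policy might contribute
  owner @{HOME}/** rwkl,
  audit deny @{HOME}/bin/{,**} wl,
  # rule of the kind a personal-files plug with write access might contribute
  owner "@{HOME}/bin/{,**}" rwkl,
EOF
}

# rules_for PATTERN: read profile text on stdin and print "deny<TAB>rule" or
# "allow<TAB>rule" for every non-comment rule containing PATTERN literally.
rules_for() {
    pattern=$1
    while IFS= read -r line; do
        rule=$(printf '%s\n' "$line" | sed 's/^[[:space:]]*//')
        case $rule in
            ''|'#'*) continue ;;          # skip blanks and comments
        esac
        case $rule in
            *"$pattern"*) ;;              # quoted, so matched literally
            *) continue ;;
        esac
        case $rule in
            deny\ *|audit\ deny\ *) printf 'deny\t%s\n' "$rule" ;;
            *)                      printf 'allow\t%s\n' "$rule" ;;
        esac
    done
}

# verdict PATTERN: "denied" if any matching rule is a deny (deny overrides
# allow), "allowed" if only allow rules match, "no-rule" if nothing matches.
verdict() {
    out=$(rules_for "$1")
    if [ -z "$out" ]; then echo no-rule
    elif printf '%s\n' "$out" | grep -q '^deny'; then echo denied
    else echo allowed
    fi
}

sample_profile | verdict '@{HOME}/bin'
```
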