Restrict access a specific dir in $HOME (e.g., ~/Download/firefox)

For any Flatpak, I have fine grained control over directory access. For example, I can restrict Firefox to a specific directory (e.g., ~/Downloads/firefox). However, I don’t see a way to do something similar with snaps. It seems to be all or nothing. Am I missing something?

The reason this is important to me is that I want to restrict some applications so that zero-days or supply-side attacks can limit the amount of data exfiltrated.

Sorry if this is repeat question (I didn’t see anything).

Doh! I have a simple work-around that works.

Step 1: snap disconnect firefox:home

Step 2: Set the Firefox down directory to $HOME/snap/firefox/download

Step 3: Link $HOME/Downloads/firefox to $HOME/snap/firefox/download

I am embarrassed to say I have almost 30+ years of experience with UNIX and Linux. However, I am new to Snaps.

I would like to know if there is more granular control of directory access that I am missing.

1 Like