Sharing a Unix Domain Socket between a daemon and an app

I have a snap that, when installed, runs in the background and creates a Unix socket at $SNAP_COMMON/deskconn.sock. I also made that sock shareable with other apps using the content interface, and that works fine.

The problem, however, is that I have not found a way to access the sock from a different app (apps stanza) of the same snap that provides the Unix socket, because that app runs as a normal user while the daemon is running as root, and hence $SNAP_COMMON is different.

Is there a common place where a snap could create its Unix Domain Socket which both the daemon and a session-level app can access?

You should be able to use $SNAP_COMMON - while it is root owned, it is world-readable, so you can create a socket there and make it world readable/writable (i.e. permission mode 666) and that should allow all users on the system to access the socket. Note that you would need to implement another form of authentication/authorization since DAC would no longer be performed and effectively any user could send messages to or otherwise control the daemon that is running as root listening on the socket.

Additionally, sometime in the 2.41 timeframe, snapd will gain support for daemons dropping to uids/gids other than root. You can see the design for that here and here, though that won’t immediately solve your problem.
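An added example, not part of the original thread: one way a daemon can authorize clients on a mode-666 socket is to ask the kernel who connected, using the Linux `SO_PEERCRED` socket option. The function names and the uid allowlist policy are hypothetical, and the daemon is assumed to be written in Python.

```python
import os
import socket
import struct

# Linux struct ucred as returned by SO_PEERCRED: pid_t, uid_t, gid_t.
_UCRED = struct.Struct("iII")


def make_listener(path):
    """Bind a Unix stream socket at `path` and open it to every local user."""
    try:
        os.unlink(path)  # clear a stale socket left by a previous run
    except FileNotFoundError:
        pass
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    os.chmod(path, 0o666)  # from here on, file permissions stop nobody
    srv.listen(8)
    return srv


def peer_credentials(conn):
    """Return (pid, uid, gid) of the peer, recorded by the kernel at connect()."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, _UCRED.size)
    return _UCRED.unpack(raw)


def authorize(conn, allowed_uids):
    """Allow the peer only if its kernel-reported uid is on the allowlist.

    The client cannot forge this value, unlike a uid sent in the message body.
    """
    _pid, uid, _gid = peer_credentials(conn)
    return uid in allowed_uids


def serve_one(srv, allowed_uids):
    """Accept one connection, decide before reading any request, and reply."""
    conn, _addr = srv.accept()
    with conn:
        allowed = authorize(conn, allowed_uids)
        conn.sendall(b"OK" if allowed else b"DENIED")
        return allowed
```

The credentials are fixed at `connect()` time, so the check should run once per connection, before any request on it is handled.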