AFAICT:
- Snap services are currently run as root but with enforced security confinement
- The home interface grants regular files access to the running user’s $HOME
However when I made a daemon snap access /root I got an audit error:
audit: type=1400 audit(1555830781.214:701): apparmor="DENIED" operation="open" profile="snap.uhttpd.uhttpd" name="/root/test_uhttpd/" pid=21300 comm="uhttpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Is it possible to allow file access under the /root directory to snap daemons?