There are two issues here:
- filtering system calls that switch to a given user by user ID (e.g. 1004 or 67)
- creating unprivileged snap users
If we add argument filtering, we need to do it by number. To make the number meaningful we'd have to create a user inside snapd and have snap-confine resolve that at runtime. Unless I'm missing something, we cannot do one without the other. @jdstrand can probably correct me if I'm wrong.
We want to add a feature where installing a snap creates a specific unprivileged system user (or uses an existing one). This will always be tied to an interface, probably to a specific interface.
Btw, can you tell me what the bob user you mentioned is? I realize it was just an example, but if you have something specific in mind it might be easier to discuss.
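The point in the comment above, that seccomp argument filtering can only be expressed in terms of a numeric UID, is easiest to see in a concrete filter. The following is an added example and not code from snapd or snap-confine (which build their seccomp policy differently): it installs a raw seccomp-BPF program that permits `setuid()` only when the argument equals one UID chosen at build time and refuses `setreuid()`, `setresuid()` and `setfsuid()` outright, since those could smuggle in a second UID. The allowed UID is a parameter here and would be the UID snapd created or resolved for the snap in the design being discussed; the architecture table only covers x86_64 and aarch64, and the helper that probes the filter in a forked child exists only so the demo can be run from an unconfined parent.

```c
/* Added example, not snapd/snap-confine code: a seccomp-BPF filter that lets
 * setuid() succeed only for one numeric UID. The filter never sees a user
 * name, which is why the UID has to be created/resolved before it is built. */
#define _GNU_SOURCE
#include <endian.h>
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__x86_64__)
#define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define ARCH_NR AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL /* older kernel headers */
#endif

/* uid_t is 32 bits, so compare only the low half of the 64-bit argument slot. */
#if __BYTE_ORDER == __LITTLE_ENDIAN
#define ARG_LO32(i) (offsetof(struct seccomp_data, args[(i)]))
#else
#define ARG_LO32(i) (offsetof(struct seccomp_data, args[(i)]) + 4)
#endif

/* Denials return a distinctive errno, so a filter rejection cannot be
 * mistaken for the kernel's own EPERM on an unprivileged setuid(). */
#define BLOCKED_ERRNO EACCES

/* Install the filter in the calling process. Returns 0 on success, -1 with
 * errno set if prctl() refused (for example, seccomp unavailable). */
static int install_uid_filter(uid_t allowed_uid)
{
    struct sock_filter filter[] = {
        /* Kill on a foreign ABI (e.g. 32-bit compat syscalls with other numbers). */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        /* setuid(uid): allowed only when uid == allowed_uid (a number, not a name). */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_setuid, 0, 4),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO32(0)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, allowed_uid, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | BLOCKED_ERRNO),
        /* Multi-argument variants could carry another UID in a later slot: deny. */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_setreuid, 2, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_setresuid, 1, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_setfsuid, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | BLOCKED_ERRNO),
        /* Every other syscall is left alone by this filter. */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = {
        .len = sizeof(filter) / sizeof(filter[0]),
        .filter = filter,
    };
    /* Required before an unprivileged process may install a filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Try one UID switch under the filter in a forked child so the parent stays
 * unconfined. Returns 0 if the call succeeded, the errno it failed with,
 * 255 if the filter could not be installed, or 254 on a fork/wait error. */
static int probe_switch(uid_t allowed_uid, int via_setresuid, uid_t target)
{
    pid_t pid = fork();
    if (pid < 0)
        return 254;
    if (pid == 0) {
        if (install_uid_filter(allowed_uid) != 0)
            _exit(255);
        int rc = via_setresuid ? setresuid(target, target, target) : setuid(target);
        _exit(rc == 0 ? 0 : errno);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return 254;
    return WEXITSTATUS(status);
}

int main(void)
{
    uid_t me = getuid(); /* switching to our own UID is legal even unprivileged */
    printf("setuid(%u), %u allowed      -> %d (expect 0)\n", me, me, probe_switch(me, 0, me));
    printf("setuid(%u), %u allowed      -> %d (expect %d)\n", me + 1, me, probe_switch(me, 0, me + 1), EACCES);
    printf("setresuid(%u,...), %u allowed -> %d (expect %d)\n", me, me, probe_switch(me, 1, me), EACCES);
    return 0;
}
```

The probe uses the caller's own UID as the "allowed" value because `setuid(getuid())` succeeds without privilege, so the demo works unprivileged and as root alike; the second and third probes fail with `EACCES` rather than `EPERM`, which is how you confirm the filter, not the kernel's credential check, rejected the call. Note the filter compares `allowed_uid` as a literal: the same program would have to be rebuilt if the snap user were ever re-created with a different UID.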