We have strictly confined snaps that need to do networking. This seems very straight-forward in the snap world, but we’re running into trouble with custom certificate authorities. The snap isn’t able to read the CAs on the host system and as a result, doesn’t trust things signed by the CA. This seems a fairly common thing to desire to just work in a snap, but I can’t find any interface related to this or a way to accomplish this without moving to classic confinement. Classic confinement is something we would like to avoid.
Has anyone solved this in a way that is clean and allows strict confinement?