Work around a snap permissions issue

I’m trying to use the Natron snap. However, it can’t access the filesystem, rendering it useless to me. There’s no way to file bugs against snaps, and even if there were, doing so could fix the problem in the future, not now. How can I make snap grant filesystem access? I tried passing --classic, but that failed with the message:

Warning: flag --classic ignored for strictly confined snap natron

How can I work around this?

You simply cannot …

But any strict snap can always write to ~/snap/<snap name>/current/…; as an interim until the bug is fixed, you can copy files there to work with them.

This is not an acceptable answer to this question. There is always a way. This bug is too old and has too much potential impact for it to still exist with no workaround.

There is no bug here … granting the --classic switch to snap packages requires the snap to go through a security review process and requires the snap developer to request this process and to lay out why strict confinement cannot be used.

Snaps installed with --classic have full root permissions to the system (like deb packages); this is nothing that can be easily granted for snapped software that you do not have any control over.

That being said, it would really be helpful if a user could manually poke holes in the confinement, as long as they know what they are doing…

And they can :) You can always bind mount things into writable places, or you can force the snap into devmode (losing updates though).

But the proper way is to ask the maintainer to enable/request the home, personal-files, system-files, system-backup and/or removable-media interfaces though …

A strict snap comes with a security promise; checks if a snap follows this promise happen at upload time (which is one of the reasons for a central store). After this, the snap is pretty much out of our control …

… that said, there could probably be an extra-writable-dirs interface one day that allows for user-defined additional writable places per snap configured locally, but that's surely non-trivial to implement and not something to come around the corner next week :)

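An added example, not written by anyone in this thread: a shell helper that reads `snap connections <snap>` output and reports, for the file-access interfaces named in the replies, which plugs are connected, which can be connected locally with `snap connect`, and which the snap does not declare at all. The sample table is constructed and is not the real natron snap's plug list; the function names are hypothetical.

```shell
# File-access interfaces named in the thread.
FS_IFACES="home personal-files system-files system-backup removable-media"

# Constructed sample in the column layout `snap connections` prints
# (Interface, Plug, Slot, Notes). A "-" slot means the plug is not connected.
sample_connections() {
cat <<'EOF'
Interface        Plug                    Slot              Notes
desktop          natron:desktop          :desktop          -
home             natron:home             :home             -
opengl           natron:opengl           :opengl           -
removable-media  natron:removable-media  -                 -
EOF
}

# Reads `snap connections` output on stdin and prints
# "<interface> <plug> <state>" for each file-access interface the snap plugs.
fs_interface_status() {
  awk -v want="$FS_IFACES" '
    BEGIN { n = split(want, a, " "); for (i = 1; i <= n; i++) fs[a[i]] = 1 }
    NR > 1 && ($1 in fs) {
      print $1, $2, ($3 == "-" ? "disconnected" : "connected")
    }'
}

# Prints a `snap connect` command for each declared but disconnected plug.
suggest_connects() {
  fs_interface_status | awk '$3 == "disconnected" { print "sudo snap connect " $2 }'
}

# Prints the listed interfaces the snap does not plug at all; only the
# snap's maintainer can add those, as the reply above says.
missing_interfaces() {
  declared=$(fs_interface_status | awk '{ print $1 }')
  for i in $FS_IFACES; do
    echo "$declared" | grep -qx "$i" || echo "$i"
  done
}

# On a real system: snap connections natron | fs_interface_status
sample_connections | fs_interface_status
```

A plug that shows as disconnected can be connected by the local administrator without leaving strict confinement; an interface in the missing list needs a change to the snap itself.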