Write access in the hidden directories for the ``am-okay`` program

Hi ! @Snapcrafters .

A few months ago, I requested classic confinement for optimal use for my am-okay program (already published on the snap store), a request that was rejected for reasons ??? .

Personally I use the deb (https://github.com/baldeuniversel/linux/tree/main/packages) version of the program to be able to have write permission where it’s possible (even if it means switching to root mode). That’s just a program that emulates cp and mv commands, but dynamically and of course some relevant innovations were added :slight_smile: .

Users of the program have pointed out to me, that there is a refusal to write to hidden directories in the user space itself (example in $HOME/.config).

I would like that, write access to be accepted on any directory (hidden or not) in $HOME (as classic confinement was not accepted for the program in question → am-okay).

Thank you for your help.

This won’t happen. The concept that snapped applications don’t get access to “any directory (hidden or not)” is part of the design. It’s intentional, to stop a malicious (or accidental) access to files which they should not. For example, to stop an application reading ssh keys, bitcoin wallets or encryption tokens.

The alternative is classic confinement, which allows full access to the filesystem. However, as you have discovered, there are rules around this. Developers can’t just expect classic confinement (or arbitrary hidden file access) because of the reasons above. There are exceptions - such as in the case of IDEs (like VSCode or Sublime Text).

There isn’t a workaround to this. It’s quite clear.

1 Like

Thanks for answering :slightly_smiling_face:.

I can understand, but this program in itself just emulates the cp and mv command.

In itself, It is a program linked to the Linux system itself. It was written with care.

Without classic confinement, its usefulness and power remain hampered.

Correct, without classic, it may function differently or incorrectly.

The answer is to rewrite the application so it doesn’t need classic, alert users that certain functions may not work, or… just not package it as a snap.

Thanks @popey .

I take note.