Comment 2 for bug 1620442

Jamie Strandboge (jdstrand) wrote :

On Touch we set the XDG_RUNTIME_DIR to a subdir of /run/user/*/..., had apparmor policy to allow that and created the directory for the app so it was always there. This has worked well for several years.

As such, it seems that a bind mount is not strictly necessary and on snappy we could:
1. add the apparmor rule: owner /run/user/*/snap.$SNAP_NAME/** mrwklix,
2. have snap run set XDG_RUNTIME_DIR=/run/user/$UID/snap.$SNAP_NAME/
3. have snap-confine mkdir XDG_RUNTIME

and then leave it at that. I believe this solves the dconf case. If a bind mount is determined to be required (I don't think it is and generally prefer to keep these to a minimum to keep things simpler, but please speak up if I'm missing something as to why it is required), then we simply tweak '1' accordingly (i.e., owner /run/user/*/** mrwklix,) and add a 4th step to perform the bind mount.
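Steps 2 and 3 of the comment above, sketched as an added example (not part of the original comment and not snap-confine's code): a hypothetical helper `make_snap_runtime_dir` that builds the per-snap path and creates it without following a pre-planted symlink. It assumes the caller already runs with the target user's credentials and that `base` stands in for /run/user/$UID.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create <base>/snap.<snap_name> for `uid` and write
 * the path to export as XDG_RUNTIME_DIR into `out`.
 * Returns 0 on success, -1 on any error. */
int make_snap_runtime_dir(const char *base, const char *snap_name,
                          uid_t uid, char *out, size_t outlen)
{
    char leaf[256];
    struct stat st;
    int rc = -1, basefd, fd;

    /* The name becomes a single path component: reject anything else. */
    if (snap_name[0] == '\0' || strchr(snap_name, '/') != NULL ||
        strstr(snap_name, "..") != NULL)
        return -1;
    if (snprintf(leaf, sizeof leaf, "snap.%s", snap_name) >= (int)sizeof leaf)
        return -1;
    if (snprintf(out, outlen, "%s/%s", base, leaf) >= (int)outlen)
        return -1;

    /* Work relative to a directory fd so the parent cannot be swapped. */
    basefd = open(base, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (basefd < 0)
        return -1;
    if (mkdirat(basefd, leaf, 0700) != 0 && errno != EEXIST)
        goto out_base;

    /* O_NOFOLLOW refuses a symlink; fstat checks the inode we opened. */
    fd = openat(basefd, leaf, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        goto out_base;
    if (fstat(fd, &st) == 0 && S_ISDIR(st.st_mode) && st.st_uid == uid &&
        fchmod(fd, 0700) == 0)
        rc = 0;
    close(fd);
out_base:
    close(basefd);
    return rc;
}
```

The ownership check matters because the directory may already exist when the helper runs; an existing entry owned by someone else is rejected rather than reused.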