Comment 1 for bug 1599234

Jamie Strandboge (jdstrand) wrote :

Thank you for filing a bug. I think this is the wrong way to handle this with the current implementation since snaps are created with -all-root and therefore any suid/sgid files would automatically be root. An implementation that supports suid/sgid unconditionally in snaps that worked meaningfully for the snaps would need very careful design.

I think the proper solution would be to not use the setuid sandbox but instead use the userns sandbox once it is supported (bug #1586547). Using the userns sandbox will allow the snap to work in devmode today. To make the snap work in strict mode today (i.e., while 1586547 remains open), you can disable the chromium sandbox and rely on snapd's security policy.