Comment 2 for bug 1630789

It looks like the squashfuse mounts have the wrong mount parameters:

# grep /snap /proc/self/mountinfo
496 348 0:59 / /snap/hello-world/27 rw,relatime - fuse.squashfuse squashfuse rw,user_id=0,group_id=0
497 348 0:60 / /snap/ubuntu-core/423 rw,relatime - fuse.squashfuse squashfuse rw,user_id=0,group_id=0

The squashfuse man page mentions the following option:

     -o allow_other
              allow access by other users

I'm assuming that mounting with '-o allow_other' would allow normal users to run snap commands but we should think through whether or not this is safe to do.

Additionally, it looks incorrect that the 'rw' mount parameter is given. In a non-container, classic environment where squashfs is used, the 'ro' mount parameter is given:

$ grep /snap /proc/self/mountinfo
83 24 7:1 / /snap/hello-world/27 rw,relatime shared:32 - squashfs /dev/loop1 ro
82 24 7:0 / /snap/ubuntu-core/352 rw,relatime shared:33 - squashfs /dev/loop0 ro