home permission required when it shouldn't be
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| snapd |
Triaged
|
Wishlist
|
Unassigned | ||
Bug Description
Per the documentation linked below, a snap has to request and be granted home permission to use $SNAP_USER_DATA or $SNAP_USER_COMMON. I think this decision is extremely counterproductive. Requiring access to the entire home folder might come across the user as an unacceptable privacy violation, even if all I need is one folder to myself. And without this access, I cannot store any persistent data anywhere AFAIK. Therefore, I would be unable to store a preferences file or similar. This is basic, expected app functionality that snap would be blocking, hampering uptake of snaps. (Unless there is a technique not listed in the documentation, of course.) I believe that this should be changed.
documentation: https:/
| Changed in snapd: | |
| importance: | Undecided → Wishlist |
| status: | New → Triaged |
| Oliver Calder (ocalder) wrote | #1 |
| William Kent (wjk011) wrote | #2 |
Hello, thank you for your comment. The "Data Locations" documentation was unclear about this, and has since been corrected -- thanks for pointing this out. In short, snaps do have read/write access to $SNAP_USER_DATA and $SNAP_USER_COMMON without interfaces. See (1) for the updated description, and (2) for the relevant source code which defines the base apparmor template.
(1) https:/
(2) https:/