> Actually, I think I'd prefer this, unless there is a really compelling otherwise (ie, read-only):
> # Allow scopes to share data with the app shipped in the same click
> owner @{HOME}/.local/share/@{APP_PKGNAME}/ r,
> owner @{HOME}/.local/share/@{APP_PKGNAME}/** mrkl,
Just double-checking here... Earlier, in comment #9, you said that we couldn't drop the leaf-net and unconfined directories, but your suggestion does drop these.
> Actually, I think I'd prefer this, unless there is a really compelling otherwise (ie, read-only): /.local/ share/@ {APP_PKGNAME} / r, /.local/ share/@ {APP_PKGNAME} /** mrkl,
> # Allow scopes to share data with the app shipped in the same click
> owner @{HOME}
> owner @{HOME}
Just double-checking here... Earlier, in comment #9, you said that we couldn't drop the leaf-net and unconfined directories, but your suggestion does drop these.