Comment 7 for bug 1901586

Ian, would it be possible to consider mounting /usr/local/share/ca-certificates in the snap's mount namespace, similar to what is done for /etc/ssl ? Or would this present security concerns?

Alternatively, would it work for chromium to use the system-files interface to expose /usr/local/share/ca-certificates from the host in a read-only fashion?