You probably already know that, but just in case: running /snap/chromium/current/usr/lib/chromium-browser/chrome directly results in bypassing the snapd sandbox, so it's never a good idea (other than for testing/debugging purposes).
The proposed approach to solve this that was discussed with the security team is:
- stage common PKCS modules in the snap
- add a layout for /usr/lib/pkcs11 pointing to a writeable area of the snap (e.g. $SNAP_USER_DATA/.local/lib)
- on first run, copy the common PKCS modules to that writeable area
- document that custom modules (and their dependencies?) should be manually copied to that directory
- create a new interface (not auto-connected, that's okay) for access to /var/run/pcscd/pcscd.comm
I'm not familiar with how smart card readers work though, so feedback and suggestions are welcome.
This is similar to https://forum.snapcraft.io/t/cant-load-security-device-in-firefox-snap/12471.