browsers and other apps packaged as snaps can't read files under ~/.local/share/

Chromium:

$ chromium file:///home/j/.local/share/jupyter/runtime/nbserver-45601-open.html
Gtk-Message: 18:55:47.022: Failed to load module "appmenu-gtk-module"
Gtk-Message: 18:55:47.023: Failed to load module "canberra-gtk-module"
[46086:46165:0128/185547.162380:ERROR:object_proxy.cc(642)] Failed to call method: org.freedesktop.DBus.ListActivatableNames: object_path= /org/freedesktop/DBus: org.freedesktop.DBus.Error.AccessDenied: An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender=":1.183" (uid=1000 pid=46086 comm="/snap/chromium/1878/usr/lib/chromium-browser/chrom" label="snap.chromium.chromium (enforce)") interface="org.freedesktop.DBus" member="ListActivatableNames" error name="(unset)" requested_reply="0" destination="org.freedesktop.DBus" (bus)

(chrome:46086): dbind-WARNING **: 18:55:47.242: Couldn't connect to accessibility bus: Failed to connect to socket /run/user/1000/at-spi/bus_0: Permission denied
[46178:46178:0128/185547.282857:ERROR:sandbox_linux.cc(378)] InitializeSandbox() called with multiple threads in process gpu-process.
Fontconfig error: Cannot load default config file
[46086:46159:0128/185550.969823:ERROR:chrome_browser_main_extra_parts_metrics.cc(227)] START: ReportBluetoothAvailability(). If you don't see the END: message, this is crbug.com/1216328.
[46086:46159:0128/185550.969872:ERROR:chrome_browser_main_extra_parts_metrics.cc(230)] END: ReportBluetoothAvailability()
[46086:46160:0128/185551.087333:ERROR:udev_watcher.cc(98)] Failed to begin udev enumeration.

Access to the file was denied
The file at file:///home/j/.local/share/jupyter/runtime/nbserver-45601-open.html is not readable. It may have been removed, moved, or file permissions may be preventing access.
ERR_ACCESS_DENIED

For any other file it is reproducible as simple as

```
mkdir -p ~/.i/love/dot/folders
echo "HELLO, SNAP!" > ~/.i/love/dot/folders/hello.html
firefox ~/.i/love/dot/folders/hello.html
chromium-browser ~/.i/love/dot/folders/hello.html
```

Fantastic user-friendless!

Unfortunately this is by design: the snapd "home" interface allows access to all files in a user's home, except from the "snap" dir and all toplevel hidden directories. So,

    ~/.i/love/dot/folders

is not allowed, but

    ~/i/.love/dot/folders

is. The point is that toplevel hidden directories in your home dir generally do not contain user data, but configuration, cache, and other data which we generally don't want applications to mess with.
I wonder if we should make an exception for "~/.local/" or "~/.local/share/", though, since that generally contains data which could potentially be useful for applications.

Right, and in this regard it's not a chromium or firefox -specific problem, it potentially affects all snaps.

Can you access the notebooks when browsing to http://localhost:8888/ or http://127.0.0.1:8888/ though?

Yes, 8888 works.

Then snap has bad impractical design.

> I wonder if we should make an exception for "~/.local/" or "~/.local/share/", though, since that generally contains data which could potentially be useful for applications.

I think that's risky. Off the top of my head ~/.local/share/Trash is where files go when you remove then in Nautilus, or the fish shell stores history under ~/.local/share/fish. I'm pretty sure digging harder you could find more potentially interesting files.

Status changed to 'Confirmed' because the bug affects multiple users.

if we have a few popular softwares relying on special paths as .local/share/jupyter perhaps could we allow firefox and chromium to access those somehow? if not an alternative would be to change the jupyter package in the ubuntu archive to use a directory which is accessible to snaps

Would it make sense to propose an update to the browser-support interface to allow read access to $HOME/.local/share/jupyter ? If it's not totally unreasonable I'm happy to do it.

@Olivier, if we can do that from the interface I think that's probably the easiest way to address the issue now

For the record, I've opened a discussion in the jupiter-notebook forums: https://github.com/jupyter/notebook/discussions/6436

For reference: https://github.com/snapcore/snapd/commit/561783b88bb.

Fixed in snapd 2.57.