Comment 4 for bug 1643706

Jamie Strandboge (jdstrand) wrote :

FYI, the apparmor rule for browsing any directory is:

   /{,**/} r,

Also note that there is now a 'removable-media' interface that vlc, et al. can use to be able to access /media/....

There is definitely a usability issue though because Seb is right-- it is a core feature of strict confinement that snaps cannot see other snaps, files, etc, but file choosers need to be able to do so and adding a rule like the one above breaks that. Adding another transitional interface to allow filesystem browsing and/or adjust home is possible....

The best long term answer is perhaps for the file chooser to run out of process from the snap so that the chooser can give the snap what the user selected and the snap doesn't need any extra privileges. This is in part what the content-hub on Ubuntu Touch and Personal is designed for. For general purpose use, this technique requires help from the system (i.e., the privileged file chooser service, which could be a slot implementation snap), an interface to use the service and for the snap to plug that interface and actually use the service (either it is changed to do so or the popular toolkits are updated to do it behind the scenes).

Fixing this bug requires design. Gustavo, do you have thoughts?
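
Added example, not part of the comment above and not snapd or AppArmor code: a small matcher showing which paths the rule `/{,**/} r,` covers, which is why it exposes every directory listing (other snaps included) while still not granting file reads. It assumes a simplified glob translation (`*`, `**`, `?`, `{a,b}` only); the function names and sample paths are constructed for illustration.

```python
import re

def aa_glob_to_regex(glob):
    """Translate a simplified AppArmor path glob into an anchored regex."""
    out, i, depth = [], 0, 0
    while i < len(glob):
        if glob.startswith("**", i):
            out.append(".*")          # '**' may cross '/' boundaries
            i += 2
            continue
        c = glob[i]
        if c == "*":
            out.append("[^/]*")       # '*' stays within one path component
        elif c == "?":
            out.append("[^/]")
        elif c == "{":
            out.append("(?:")
            depth += 1
        elif c == "}" and depth:
            out.append(")")
            depth -= 1
        elif c == "," and depth:
            out.append("|")           # alternation inside {...}
        else:
            out.append(re.escape(c))
        i += 1
    if depth:
        raise ValueError("unbalanced '{' in glob: " + glob)
    return re.compile("^" + "".join(out) + "$")

def covered(rule_glob, paths):
    """Return the subset of paths that the rule's glob matches."""
    rx = aa_glob_to_regex(rule_glob)
    return [p for p in paths if rx.match(p)]

BROWSE_RULE = "/{,**/}"   # path part of the rule quoted in the comment

# Constructed sample paths; a trailing '/' denotes the directory itself.
SAMPLES = [
    "/", "/home/user/", "/home/user/.ssh/", "/home/user/.ssh/id_rsa",
    "/snap/other-snap/current/", "/snap/other-snap/current/secret.conf",
    "/media/usb0/",
]

if __name__ == "__main__":
    hits = covered(BROWSE_RULE, SAMPLES)
    for p in SAMPLES:
        print(("list-allowed " if p in hits else "not-matched  ") + p)
```
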