As Nathan correctly suggest, this behaviour relates to a snapd 2.62 new ability introduced for the personal files interface, to create missing parent directories of write paths/files indicated in the plug declaration. Release notes: https://forum.snapcraft.io/t/the-snapd-roadmap/1973
isPlausibleHome() is an early check (does not result in termination itself) to determine if the calling user have access to its supposed home directory, as a basic way to verify that unintended user cannot exploit the mechanism.
In the reported case the personal-files interface connection results in a special type of mount entry
that instructs creation of missing parent directories between $HOME and $HOME/.local/share.
Because this entry exists (when the interface is connected), the result from isPlausibleHome() informs if directory creation within $HOME should be allowed or not. This is way disconnecting the interface would solve the problem.
(1) Please `stat /home/department/user_name`
(2) Does the "permission denied" result in any AppArmor denials?
As Nathan correctly suggest, this behaviour relates to a snapd 2.62 new ability introduced for the personal files interface, to create missing parent directories of write paths/files indicated in the plug declaration. Release notes: https:/ /forum. snapcraft. io/t/the- snapd-roadmap/ 1973
isPlausibleHome() is an early check (does not result in termination itself) to determine if the calling user have access to its supposed home directory, as a basic way to verify that unintended user cannot exploit the mechanism.
In the reported case the personal-files interface connection results in a special type of mount entry
that instructs creation of missing parent directories between $HOME and $HOME/.local/share.
none $HOME/.local/share none x-snapd. kind=ensure- dir,x-snapd. must-exist- dir=$HOME 0 0
Because this entry exists (when the interface is connected), the result from isPlausibleHome() informs if directory creation within $HOME should be allowed or not. This is way disconnecting the interface would solve the problem.
(1) Please `stat /home/departmen t/user_ name`
(2) Does the "permission denied" result in any AppArmor denials?