The squashfuse man page mentions the following option:
-o allow_other
allow access by other users
I'm assuming that mounting with '-o allow_other' would allow normal users to run snap commands but we should think through whether or not this is safe to do.
Additionally, it looks incorrect that the 'rw' mount parameter is given. In a non-container, classic environment where squashfs is used, the 'ro' mount parameter is given:
It looks like the squashfuse mounts have the wrong mount parameters:
# grep /snap /proc/self/ mountinfo world/27 rw,relatime - fuse.squashfuse squashfuse rw,user_ id=0,group_ id=0 core/423 rw,relatime - fuse.squashfuse squashfuse rw,user_ id=0,group_ id=0
496 348 0:59 / /snap/hello-
497 348 0:60 / /snap/ubuntu-
The squashfuse man page mentions the following option:
-o allow_other
allow access by other users
I'm assuming that mounting with '-o allow_other' would allow normal users to run snap commands but we should think through whether or not this is safe to do.
Additionally, it looks incorrect that the 'rw' mount parameter is given. In a non-container, classic environment where squashfs is used, the 'ro' mount parameter is given:
$ grep /snap /proc/self/ mountinfo world/27 rw,relatime shared:32 - squashfs /dev/loop1 ro core/352 rw,relatime shared:33 - squashfs /dev/loop0 ro
83 24 7:1 / /snap/hello-
82 24 7:0 / /snap/ubuntu-