5

I'd like to allow the snapped thunderbird RW access to the path /my/path. How can I do that?

DarkTrick
  • 609
  • A standard confined snap package cannot see your root file-system, thus directories outside of $HOME or /mnt and /media are invisible to a confined app. If the snap package however is built with classic confinement (https://snapcraft.io/docs/classic-confinement) there are no restrictions, but those snap packages are harder to upload to the snapstore (for security reasons). A /my/path directory would require classic confinement which is done at build time, and doesn't relate to the file-system permissions. – guiverc Jun 15 '24 at 05:09
  • Have you tried the "homedirs" option of snap ? https://snapcraft.io/docs/home-outside-home – Marco Jun 15 '24 at 13:15

2 Answers2

3

Snaps are designed to include built-in confinement.
That confinement specifically prohibits access to random places in the filesystem.

So, essentially, snap packages are the wrong tool. They are not designed for this usage.

You have a couple options:

  • (Easy) You can use a different (non-Snap) source for the software that needs access to /my/path

  • (Intermediate) You can bind-mount your /my/path to a location that is permitted by confinement

    $ mount --bind /my/path /home/me/mounts/path

  • (Advanced) You can muck about with AppArmor rules to permit each snap to access /my/path

user535733
  • 68,830
  • 3
    I don't want to access random places. I want to allow /data/$USER in addition to /home/$USER to allow users to place stuff intentionally in lower performance storage system. Does snap system allow adjusting system wide setting for this? – Mikko Rantalainen Oct 16 '24 at 18:06
1

Have a look at How to access files outside of /home in snap apps? The settings mentioned in this post can also be changed via Settings -> Applications -> Thunderbird. If you enable access for removable media then the snap should have access to removable media in /media/ and /mnt.

ndx
  • 11
  • 2
  • (1) Settings -> Applications -> Thunderbird Doesn't seem to exist on xfce (?). (2) The linked post does not seem to mention how to enable access to a specific folder (which is the main question). Do you happen to know that? – DarkTrick Jun 17 '24 at 15:37
  • settings apparently meant gnome-control-center, which can be started via env XDG_CURRENT_DESKTOP='ubuntu:GNOME' gnome-control-center, if you're not natively running gnome or unity. – DarkTrick Jun 17 '24 at 15:53
  • Yeah, I was not clear on the Gnome Control Center part. I have found no straightforward way to do this. Maybe this post: https://askubuntu.com/questions/1220199/granting-access-to-an-additional-directory-to-snaps ? – ndx Jun 17 '24 at 15:58
  • Same. By the way, FYI: gnome-control-center did not show the removable media permission. – DarkTrick Jun 17 '24 at 16:03