I'd like to allow the snapped thunderbird RW access to the path /my/path. How can I do that?
- 609
2 Answers
Snaps are designed to include built-in confinement.
That confinement specifically prohibits access to random places in the filesystem.
So, essentially, snap packages are the wrong tool. They are not designed for this usage.
You have a couple options:
(Easy) You can use a different (non-Snap) source for the software that needs access to
/my/path(Intermediate) You can bind-mount your
/my/pathto a location that is permitted by confinement$ mount --bind /my/path /home/me/mounts/path(Advanced) You can muck about with AppArmor rules to permit each snap to access
/my/path
- 68,830
-
3I don't want to access random places. I want to allow
/data/$USERin addition to/home/$USERto allow users to place stuff intentionally in lower performance storage system. Does snap system allow adjusting system wide setting for this? – Mikko Rantalainen Oct 16 '24 at 18:06
Have a look at How to access files outside of /home in snap apps? The settings mentioned in this post can also be changed via Settings -> Applications -> Thunderbird. If you enable access for removable media then the snap should have access to removable media in /media/ and /mnt.
- 11
- 2
-
(1)
Settings -> Applications -> ThunderbirdDoesn't seem to exist on xfce (?). (2) The linked post does not seem to mention how to enable access to a specific folder (which is the main question). Do you happen to know that? – DarkTrick Jun 17 '24 at 15:37 -
settingsapparently meantgnome-control-center, which can be started viaenv XDG_CURRENT_DESKTOP='ubuntu:GNOME' gnome-control-center, if you're not natively running gnome or unity. – DarkTrick Jun 17 '24 at 15:53 -
Yeah, I was not clear on the Gnome Control Center part. I have found no straightforward way to do this. Maybe this post: https://askubuntu.com/questions/1220199/granting-access-to-an-additional-directory-to-snaps ? – ndx Jun 17 '24 at 15:58
-
Same. By the way, FYI: gnome-control-center did not show the removable media permission. – DarkTrick Jun 17 '24 at 16:03
/mntand/mediaare invisible to a confined app. If the snap package however is built with classic confinement (https://snapcraft.io/docs/classic-confinement) there are no restrictions, but those snap packages are harder to upload to the snapstore (for security reasons). A/my/pathdirectory would require classic confinement which is done at build time, and doesn't relate to the file-system permissions. – guiverc Jun 15 '24 at 05:09