I'm experimenting with snap.
Naturally, I need to be able to read and write $HOME (the real one, not the one in the sandbox).
So snapcraft.yml contains, among other things, this:
plugs: [home, ...
An excerpt from the docs:
The snap defines 3 plugs for the home, network and network-bind interfaces. All but the home interface plug automatically connect to the provider's slot with the same name and are thus granted access to the relevant resources. As writing and reading to the /home part of the filesystem is considered a sensitive operation, the plug is intendedly not autoconnected for users upon snap installation. For security reasons, users must explicitly acknowledge that they agree for this app to access the filesystem.
While in the future users will be prompted in a more interactive way, at the time of writing, the way to grant access to the app to the /home filesystem is to manually connect the plug and slot ends of the home interface with this command: sudo snap connect youtube-dl:home ubuntu-core:home
Accordingly, I run sudo snap connect myapp:home ubuntu-core:home
The application can neither read nor write to $HOME.
Output in dmesg:
17080.796669] audit: type=1400 audit(1468411157.011:1465): apparmor="DENIED" operation="mknod" profile="blah" name="/home/waker/blah" pid=560 comm="blah" requested_mask="c" denied_mask="c" fsuid=1001 ouid=1001
What am I doing wrong?
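
An added example, not part of the original post: a small parser that decodes AppArmor denial records like the dmesg line above into profile, path and denied permissions, so denials under /home can be listed per profile. The first sample line is the record from the post; the other two lines, the function names and the `prefix` parameter are constructed for illustration.

```python
import re

# AppArmor permission letters used in requested_mask / denied_mask.
MASK_BITS = {"r": "read", "w": "write", "a": "append", "c": "create",
             "d": "delete", "x": "execute", "m": "mmap-exec",
             "k": "lock", "l": "link"}

# Matches key=value and key="value" pairs in an audit record.
PAIR_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# First line is the record from the post; the other two are constructed.
SAMPLE = [
    '17080.796669] audit: type=1400 audit(1468411157.011:1465): '
    'apparmor="DENIED" operation="mknod" profile="blah" '
    'name="/home/waker/blah" pid=560 comm="blah" requested_mask="c" '
    'denied_mask="c" fsuid=1001 ouid=1001',
    '[17081.000001] audit: type=1400 audit(1468411158.000:1466): '
    'apparmor="ALLOWED" operation="open" profile="blah" '
    'name="/etc/hosts" pid=560 comm="blah" requested_mask="r" '
    'denied_mask="r" fsuid=1001 ouid=0',
    '[17082.000002] audit: type=1400 audit(1468411159.000:1467): '
    'apparmor="DENIED" operation="open" profile="blah" '
    'name="/var/lib/example/data" pid=560 comm="blah" '
    'requested_mask="wc" denied_mask="wc" fsuid=1001 ouid=0',
]


def parse_denial(line):
    """Return the fields of an AppArmor DENIED record, or None otherwise."""
    fields = {k: (q or b) for k, q, b in PAIR_RE.findall(line)}
    if fields.get("apparmor") != "DENIED":
        return None
    mask = fields.get("denied_mask", "")
    fields["denied"] = [MASK_BITS.get(ch, ch) for ch in mask]
    return fields


def summarize(lines, prefix="/home/"):
    """Collect denied permissions per (profile, path) for paths under prefix."""
    summary = {}
    for line in lines:
        rec = parse_denial(line)
        if rec is None or not rec.get("name", "").startswith(prefix):
            continue
        key = (rec.get("profile", "?"), rec["name"])
        summary.setdefault(key, set()).update(rec["denied"])
    return summary


if __name__ == "__main__":
    for (profile, path), perms in summarize(SAMPLE).items():
        print(profile, path, sorted(perms))
```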