Ubuntu – How do snap applications, snappy security R/W restrictions, and user files work


I understand how snaps are restricted in the R/W access by design – I'm just wondering how this works/what the design plan is as regards user home directories – Eh, shouldn't an application that involves custom user generated files have access to the whole of /home/username/* ?

Eg: I just installed the libreoffice snap and I can't access my old odt files as they're in custom directories – catagorised by project etc – all over my home folder…

Do I need to now conform to the use of a "My Documents" folder after years of preferring to store documents in a separate project directories instead?

Just wondering what the design decision was – not arguing! Thanks!

Best Answer

Snap commands (the binaries that the snap makes available to the system) are each associated with a set of "plugs" and "slots" which represent the ways the snap can "connect to other things".

There is a plug called "home" and if you associate that with your snap command then it will have read access to ~/ but not to dotfiles or dot-subdirectories (to avoid leaking things like .ssh/ credentials).

We are working to add the ability for the plug to explicitly list some dotfiles that it wants to read, for special cases, but the average app just needs "the documents in ~/" and the 'home' plug does that nicely.

I'm surprised that the libreoffice snap is not doing this already, either its a bug or I have misunderstood things somewhat :)