On Fri, Jun 04, 2021 at 11:24:32AM -0500, Ted Gould wrote:
TL;DR: Makes sense. Happy for the fallback, is it possible you could suggest some code that works? Only asking because there's basically no way I could test that setup 😄
Sure, I can take a look to put together a patch. I have close to zero experience with snaps (as you could probably tell with my manipulation to strace it :) -- thanks for the tip), but I'll dig up some build instructions and give it a go.
Generally speaking you probably don't want to edit those as they'll be regenerated on the next update. For tuning apparmor (and this will be for all snaps, debs, etc) you want to use /etc/apparmor.d/tunables, and specifically in this case the home file for the directories. That'll change what is home for apparmor, and so then your snaps will get access to those directories. You should also be able to add stuff for getent, but I'm not sure exactly how that should work.
Right, I had a feeling that would end up being clobbered. Fortunately, those modifications don't seem to be necessary when running with unscd. Strangely, I have no problem accessing anything in /home from Inkscape, but it is just the bash subprocesses that complain about not having access to ~/.bashrc ...
+1, this is the script that needs to be modified: https://gitlab.com/inkscape/inkscape/-/blob/1.1.x/snap/local/scripts/inkscap...
Thanks, I'll start there.