Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[docs] Clarify mount restrictions imposed by snap confinement #3554

Open
ricab opened this issue Jul 1, 2024 · 0 comments
Open

[docs] Clarify mount restrictions imposed by snap confinement #3554

ricab opened this issue Jul 1, 2024 · 0 comments
Labels
documentation needs triage Issue needs to be triaged

Comments

@ricab
Copy link
Collaborator

ricab commented Jul 1, 2024
edited
Loading

Description of documentation issue or suggestion

The documentation page for "mount" says

Because mounts are performed as privileged users (root on Linux and macOS, SYSTEM on Windows), they allow write access to the whole host operating system.

On Linux, this is only partially true: it does not hold if installed via snap.

Proposal to fix issue or enact suggestion

Explain that snap confinement prevents mounts outside of the /home directory (and to hidden files/folders in the /home directory) and possibly, removable media (depending on connected interfaces). Still, clarify that a user A with access to Multipass can still access mounts that a different user B was able to establish to B's home (i.e. outside of user's A home).

Additional context
https://snapcraft.io/docs/home-interface
https://snapcraft.io/docs/removable-media-interface
@ricab ricab added documentation needs triage Issue needs to be triaged labels Jul 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
documentation needs triage Issue needs to be triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ricab