You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Because mounts are performed as privileged users (root on Linux and macOS, SYSTEM on Windows), they allow write access to the whole host operating system.
On Linux, this is only partially true: it does not hold if installed via snap.
Proposal to fix issue or enact suggestion
Explain that snap confinement prevents mounts outside of the /home directory (and to hidden files/folders in the /home directory) and possibly, removable media (depending on connected interfaces). Still, clarify that a user A with access to Multipass can still access mounts that a different user B was able to establish to B's home (i.e. outside of user's A home).
Description of documentation issue or suggestion
The documentation page for "mount" says
On Linux, this is only partially true: it does not hold if installed via snap.
Proposal to fix issue or enact suggestion
Explain that snap confinement prevents mounts outside of the
/home
directory (and to hidden files/folders in the/home
directory) and possibly, removable media (depending on connected interfaces). Still, clarify that a user A with access to Multipass can still access mounts that a different user B was able to establish to B's home (i.e. outside of user's A home).Additional context
https://snapcraft.io/docs/home-interface
https://snapcraft.io/docs/removable-media-interface
The text was updated successfully, but these errors were encountered: