7

Since Firefox in Ubuntu 21.10 became a snap app, it does not see files in /tmp. I could of course remove the snap version and install an "ordinary" version, but this seems like a bad workaround, as I suspect that more and more apps will use snap. How can I give snap apps access to files outside /home? In this specific case, can I have a temporary directory in a directory available to a snap app?

  • A snap package by default runs in a confined environment which makes it more secure by default. This has been the case for some time for chromium. You can likely snap connect (see https://askubuntu.com/questions/1184357/why-cant-chromium-suddenly-access-any-partition-except-for-home) but I've not tested it on firefox as my package is still a deb (and I was on impish six months, now already on jammy as it converted to snap only in certain circumstances; I was outside of those cases even with ubuntu-desktop). – guiverc Oct 21 '21 at 08:41

2 Answers

1

I have the following problems because programs from snap do not have access to the /tmp directory.

  1. Unable to edit a screenshot in GIMP (installed from snap), because the screenshot file is created in the /tmp directory and then GIMP is invoked to open it.
  2. Unable to open file history on Dropbox from Thunar. Its Dropbox plugin provides a "Version History" feature, which creates a temporary HTML file (with a redirect to the target file history page on dropbox.com) and then invokes the browser to open it. Once the browser is installed from snap, it doesn't work.

In fact, there is no need to access the system /tmp directory to solve such cases. Because all intercommunicating programs are run by the same unprivileged user, it's enough to point them to another temporary directory location.

Here is the solution.

  1. Create a tmp directory within your home:

     mkdir ~/tmp

  2. Edit the ~/.profile file, adding:

     # set TMPDIR within home,
     # so that programs from snap will have access to it
     export TMPDIR="$HOME/tmp"
     export TMP="$TMPDIR"
     export TEMP="$TMPDIR"

  3. Mount tmpfs on your /home/username/tmp so it will be cleaned up automatically. Edit /etc/fstab, adding:

     # size=25%: cap at a quarter of RAM; uid/gid: owner of the mount (use your own ids);
     # user: an ordinary user may mount it; mode=0700: only the owner can access it
     tmpfs    /home/username/tmp     tmpfs   size=25%,uid=1000,gid=1000,user,mode=0700   0   1
  • One of the most interesting workarounds I've read so far. It would be nice if you could elaborate on the option selected for /etc/fstab. – kFly Aug 09 '23 at 08:20
0

Is there a specific reason for you to grant Firefox access to the systemwide /tmp? Indeed, as part of the confinement, Firefox only sees its private /tmp.

Snaps can be granted connections through interfaces. These interfaces are quite specific, and include home for access to (visible only) files in the user's home directory, and removable-media for access to removable drives. What is more, these interfaces are available only if the developer implemented them in the snap package. Connecting to such interfaces, providing they are implemented in the specific snap, is your only way to give snaps access to directories and files outside /home.

A snap application has access to files and directories in its directory under ~/snap. So indeed you can create extra directories there, and the snap application will have access to them. However, no other snap application will have access there. In principle, you could link standard locations through to locations where a snap has access using symbolic links or bind mounts, but only non-confined applications, besides the specific snap application, will have access.

Still, it is difficult to provide a general answer here because an optimal solution depends on what you ultimately want to achieve. That does not necessarily involve a need to grant Firefox access to the systemwide /tmp.

vanadium
  • 88,010
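A check for the per-user TMPDIR from the first answer, combined with the "visible only" limit of the home interface from the second answer. This is an added example, not code from either answer; the function name check_snap_tmpdir is hypothetical, and it assumes a POSIX shell whose test builtin supports -O (bash and dash do).

```shell
#!/bin/sh
# Added example: sanity checks for a private TMPDIR inside $HOME that
# snap apps are expected to reach through the "home" interface.

# check_snap_tmpdir DIR [HOME_DIR]
# Prints one line per problem; returns 0 only when every check passes.
check_snap_tmpdir() {
    dir=${1%/}
    home=${2:-$HOME}
    home=${home%/}
    problems=0

    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "FAIL: $dir is not a real directory"
        return 1
    fi

    # Must live under the home directory, or the home interface does not apply.
    case "$dir" in
        "$home"/*) rel=${dir#"$home"/} ;;
        *) echo "FAIL: $dir is outside $home"; return 1 ;;
    esac

    # The home interface exposes only visible (non-dot) paths.
    case "/$rel" in
        */.*) echo "FAIL: $dir has a hidden path component"
              problems=$((problems + 1)) ;;
    esac

    # Ownership: the fstab line sets this with uid= and gid=.
    if [ ! -O "$dir" ]; then
        echo "FAIL: $dir is not owned by $(id -un)"
        problems=$((problems + 1))
    fi

    # mode=0700: temp files must not be reachable by group or others.
    case "$(ls -ld "$dir")" in
        drwx------*) ;;
        *) echo "FAIL: $dir is not mode 0700"
           problems=$((problems + 1)) ;;
    esac

    [ "$problems" -eq 0 ] && echo "OK: $dir"
    return "$problems"
}
```

After logging in again so that ~/.profile is re-read, run check_snap_tmpdir "$TMPDIR" to confirm the directory is private and visible to snaps.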