http://bugzilla.suse.com/show_bug.cgi?id=1127366
http://bugzilla.suse.com/show_bug.cgi?id=1127366#c3
--- Comment #3 from Matthias Gerstner ---
So this works via set*id. That was the missing bit of information in the other
bug. That's why I wondered if we reviewed it already.
Reviewing set*id binaries will take a while longer. Also we don't want to add
any world accessible set*id binaries to the distribution. So please introduce
a separate group for accessing that like 'snapd', then use the following
permissions:
snap-confine 6750 root:snapd
Users will then need to become a member of that group to use it. We've done
the same for other container solutions relying on set*id. Thank you.
--
You are receiving this mail because:
You are on the CC list for the bug.