Code review comment for lp:~chipaca/snap-confine/unshare

Tyler Hicks (tyhicks) wrote :

The changes in this MP can be used by an unprivileged user to grant access to files/directories that are not intended to be reachable by that user.

For example, assume that mode on /root is set to 700, meaning that an unprivileged user cannot enter the /root directory. If a user running ubuntu-core-launcher sets SNAP_APP_TMPDIR to /root/foo, ubuntu-core-launcher will fail if /root/foo does not exist. However, it will succeed when /root/foo does exist.

Also, if /root/foo/bar was (lazily) set to be world-readable, then it could be opened for reading at /tmp/bar.

review: Needs Fixing
