Code review comment for lp:~chipaca/snap-confine/unshare

Tyler Hicks (tyhicks) wrote :

Here are the changes needed to make the apparmor profile work (requires the two inline changes that I mentioned):

=== modified file 'debian/usr.bin.ubuntu-core-launcher'
--- debian/usr.bin.ubuntu-core-launcher 2015-05-08 16:50:56 +0000
+++ debian/usr.bin.ubuntu-core-launcher 2015-05-20 20:12:09 +0000
@@ -50,7 +50,10 @@
     # read apparmor to figure out if we need cgroups
     /var/lib/apparmor/clicks/* r,

- # make /tmp/ private, and bind-mount a private /tmp
+ # set up snap-specific private /tmp dir
+ capability chown,
+ /tmp/ w,
+ /tmp/snap.*/ w,
     mount options=(rw private) -> /tmp/,
- mount options=(rw bind) /tmp/snaps.[0-9]*/**/tmp/ -> /tmp/,
+ mount options=(rw bind) /tmp/snap.*/ -> /tmp/,
 }
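
Review bot: the glob `/tmp/snap.*/` in the new write rule and in the bind-mount source accepts any directory directly under /tmp whose name starts with "snap.", where the replaced pattern `/tmp/snaps.[0-9]*/**/tmp/` at least required a digit after the prefix. Because /tmp is world-writable, consider narrowing both rules to the exact name template the launcher generates, so the profile only allows bind-mounting a directory the launcher itself created. The single comment "set up snap-specific private /tmp dir" also covers four rules at once; a short note on which operation needs `capability chown,` and which needs `/tmp/ w,` would make the grants easier to audit and to tighten later.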
