# Pastebin tx6qPpbI
diff --git a/cmd/snap-confine/mount-support.c b/cmd/snap-confine/mount-support.c
index f299d9c51..ea9eebb4f 100644
--- a/cmd/snap-confine/mount-support.c
+++ b/cmd/snap-confine/mount-support.c
@@ -538,6 +538,7 @@ void sc_populate_mount_ns(struct sc_apparmor *apparmor, int snap_update_ns_fd,
 {"/dev"}, // because it contains devices on host OS
 {"/etc"}, // because that's where /etc/resolv.conf lives, perhaps a bad idea
 {"/home"}, // to support /home/*/snap and home interface
+ {"/var/lib/jenkins", .is_optional=true}, // to support jenkins's HOME directory
 {"/root"}, // because that is $HOME for services
 {"/proc"}, // fundamental filesystem
 {"/sys"}, // fundamental filesystem
diff --git a/cmd/snap-confine/snap-confine.apparmor.in b/cmd/snap-confine/snap-confine.apparmor.in
index 0ee702b28..6a19a04df 100644
--- a/cmd/snap-confine/snap-confine.apparmor.in
+++ b/cmd/snap-confine/snap-confine.apparmor.in
@@ -494,4 +494,12 @@
 /{,var/lib/snapd/}snap/core/*/usr/lib/snapd/snap-discard-ns rix,
 /var/lib/snapd/hostfs/{,var/lib/snapd/}snap/core/*/usr/lib/snapd/snap-discard-ns rix,
+ # As a special exception, allow HOME to be /var/lib/jenkins
+ /var/ r,
+ /var/lib/ r,
+ /var/lib/jenkins/ rw,
+ /var/lib/jenkins/** rw,
+
+ mount options=(rw rbind) /var/lib/jenkins/ -> /tmp/snap.rootfs_*/var/lib/jenkins/,
+ mount options=(rw rslave) -> /tmp/snap.rootfs_*/var/lib/jenkins/,
 }
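Review bot: The added `{"/var/lib/jenkins", .is_optional=true}` entry sits in the same list as `/home` and `/root`, so the Jenkins home would be bind-mounted into the mount namespace of any snap on a host where that directory exists, not only for processes running as the jenkins user. A Jenkins home typically holds job configuration and stored credentials, so the comment should record that exposure and what still limits access, for example `// optional: Jenkins service HOME; visible in every snap's mount namespace, access still governed by the snap's own AppArmor profile` (confirm the second half against the per-snap policy before stating it). Hard-coding one service's home also does not cover other accounts whose HOME is outside `/home`, which is worth a sentence in the commit description if this is meant as a stop-gap. The array and `sc_populate_mount_ns` both begin and end outside this hunk.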
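Review bot: The rules `/var/lib/jenkins/ rw,` and `/var/lib/jenkins/** rw,` grant the snap-confine profile read/write on the entire Jenkins tree, which is broader than the comment "allow HOME to be /var/lib/jenkins" suggests. If snap-confine only needs to traverse to HOME and create the per-snap data directories under it (an assumption to confirm against the rest of the profile, which is outside this hunk), the file rules could be narrowed to `/var/lib/jenkins/ r,` and `/var/lib/jenkins/snap/{,*/,*/*/} rw,`. The two `mount` rules are what permit the bind mount itself and do not depend on the recursive file rule. Keeping a root-run helper's write access to the minimum matters here because the tree holds Jenkins configuration and secrets.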