Debian 13:
$ uname -r
6.12.88+deb13-amd64
$ snap debug sandbox-features|grep confinement
confinement-options: classic devmode
$ snap debug confinement
partial
$ aa-enabled
Yes
Ubuntu (24.04):
$ uname -r
6.8.0-117-generic
$ snap debug sandbox-features|grep confinement
confinement-options: classic devmode strict
$ snap debug confinement
strict
$ aa-enabled
Yes
What does this mean, you ask? Well, basically every Snap package you thought was running isolated in its own little sandbox was running unconfined the whole time. The proprietary app you removed the :home connection from, so it wouldn’t be able to access your home directory? Well, it could have exfiltrated all our private files in the meantime.
How is this not a bigger deal and how are Snaps ever to become mainstream when even today, more than 10 years after the introduction of snaps, you can’t run them sandboxed on a huge portion of Linux distros?
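Added example, not part of the original post or of snapd: a shell check that turns the output of the two commands shown above into a verdict and, on a host without strict confinement, lists the installed snaps that are not marked classic or devmode. The function names and the sample `snap list` text are constructed for illustration.

```shell
#!/bin/sh
# classify_confinement MODE FEATURES
#   MODE     = output of `snap debug confinement`
#   FEATURES = output of `snap debug sandbox-features`
# Prints: enforced | degraded | unknown
classify_confinement() {
    mode=$1
    # Keep only the option list from the "confinement-options:" line.
    opts=$(printf '%s\n' "$2" | sed -n 's/^confinement-options:[[:space:]]*//p')
    if [ -z "$mode" ] || [ -z "$opts" ]; then
        echo unknown            # snapd missing or output not understood
        return
    fi
    case " $opts " in
        *" strict "*) [ "$mode" = strict ] && { echo enforced; return; } ;;
    esac
    echo degraded               # e.g. "partial" with only classic/devmode offered
}

# strict_snaps LIST: LIST is the output of `snap list`.
# Prints application snaps whose Notes column does not mark them as
# classic/devmode (or as base/snapd/core infrastructure snaps).
strict_snaps() {
    printf '%s\n' "$1" | awk 'NR > 1 && NF >= 6 &&
        $NF !~ /(^|,)(classic|devmode|base|snapd|core)(,|$)/ { print $1 }'
}

# Constructed sample of `snap list` output, used for offline testing.
SAMPLE_LIST='Name     Version   Rev    Tracking       Publisher    Notes
core22   20240111  1122   latest/stable  canonical**  base
code     1.90      159    latest/stable  vscode**     classic
firefox  126.0     4336   latest/stable  mozilla**    -
snapd    2.63      21759  latest/stable  canonical**  snapd'

# Live check, only when snap is installed on this host.
if command -v snap >/dev/null 2>&1; then
    state=$(classify_confinement "$(snap debug confinement 2>/dev/null)" \
                                 "$(snap debug sandbox-features 2>/dev/null)")
    echo "snapd confinement: $state"
    if [ "$state" != enforced ]; then
        echo "snaps expecting strict confinement on this host:"
        strict_snaps "$(snap list 2>/dev/null)"
    fi
fi
```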
I mean I get the concern, but I’d be surprised if even 1% of Debian users had any interest in running snaps.
File a Debian bug report against snapd.
If I had to guess, this isn’t a bigger issue because Snap is mostly pushed by Canonical. And in a bit of a weird way (proprietary backend, exclusive apps) so… reception in the rest of the Linux community is …mixed. To put it charitably. It’s probably not that relevant for most people outside of the Ubuntu ecosystem. And probably also not a priority for Canonical or the proprietary software vendors.
Exactly! I don’t understand why anyone in their right mind would use snap.
It may not be wise to use a Snap without first understanding the reputation/limitations of Snap.
Seems the Debian Wiki has pretty much your take on it 😅
Hardly anyone but Ubuntu users use snap, because snap was created by Ubuntu, and their efforts to get other distros to adopt it never gained traction. Debian users are especially uninterested in using snap, and some people on Debian are ex-Ubuntu users who switched because they didn’t like snap.
Yeah this is it. I like snaps just fine but I also like Flatpaks and well, everyone else is using Flatpaks.
It’s not a big deal because the answer to the problem is “don’t run snaps”.
Because snap is an absolute abomination and no one in their right mind is losing time maintaining it. If Canonical wants to push their crap on Debian too, they will need to put in the time to make it work. I really hope they are not making Debian developers lose their precious time on this cancer.
Snaps is something you drink.
AFAIK only users who have it shoved down their throat by Ubuntu use snap packages.
Schnaps, not Snaps.
Because snaps is an Ubuntu thing, and not particularly widely used on Debian.
#rank name inst vote old recent no-files
2 util-linux 4000213 2110588 1172784 345252 371589
2258 snapd 19307 17314 846 1033 114
I actually don’t understand what use case snapd on Debian covers better than Docker on Debian or snapd on Ubuntu.
Companies are more likely to use Ubuntu instead of plain Debian or another Debian-based distro on their workstations. No one in this chain aims to bring snap packages to other distros and ensure that they work properly there.




