An example snap confined “desktop”
What is a snap confined desktop?
A confined snap has limited access to the host system. That means that a confined desktop and other applications contained in the snap have limited access to the system they are running on.
Confined snaps can run both on “Classic” Linux and Ubuntu Core. That means a confined desktop snap can run both on “desktop” computers and embedded systems.
egmde-confined-desktop
Egmde is a simple desktop environment based on Mir and is used for demonstration purposes.
The “egmde-confined-desktop” snap confines egmde and a variety of applications to illustrate the possibilities.
Here are the commands needed to install and setup this snap:
snap install --beta egmde-confined-desktop
/snap/egmde-confined-desktop/current/bin/setup.sh
You may wonder why the “setup” script is needed: it connects some interfaces that need to connected manually and copies the .desktop file needed to register with the greeter. We are looking for a better way to do the latter.
Having set this up you can run the snap on an existing X11 desktop:
egmde-confined-desktop
You’ll find a variety of applications included, including QTerminal. But you will find that you cannot run all the commands on the system:
You can run applications that are in the snap:
If you sign out you can sign back in using the confined snap (sometimes it is necessary to reboot before it appears in the list):
Have fun! And remember, this desktop is confined, so your system is protected.