Feature Freeze Exception: Seeding the official Firefox snap in Ubuntu Desktop

Sorry, I should have made this more clear in my other post response, but no, refresh-app-awareness works for all snap apps, not just desktop ones. It works by looking at what processes are in the tracking cgroup for a snap, so any snap app that is started through snap run (read: all of them) will end up in this tracking cgroup. If this set of processes is empty, the refresh proceeds; if it’s not empty, we make a best effort to display a graphical notification for users with a graphical session, otherwise we will just leave a message in the snapd log, or if the user was manually trying to refresh the snap with snap refresh, they will see a message like I posted in the above screenshot.

3 Likes

Wait, that doesn’t make sense. Doesn’t that imply that, assuming 100% uptime, ALL updates to my Nextcloud snap will be delayed by 60 days? Because that’s running headless.

Forgive my brevity: that applies to all snap apps that are specifically not daemons in the snapcraft.yaml. Snap apps run through systemd via a daemon: ... declaration in the snapcraft.yaml are put into a different cgroup (one that systemd manages).

2 Likes

Ah, so to correct my above statement then: this WILL work for CLI apps that lack a desktop file, but will not work for services. Correct?

1 Like

Yes, refresh-app-awareness will work for all CLI apps and all desktop apps, but refresh-app-awareness does not take into account any services, since there are already other mechanisms for services to affect their behavior when refreshes happen, including stop-command, refresh-mode: endure, etc. We also, as a part of the refresh app awareness work, are adding a hook that is run for snaps when they are about to be refreshed so they can do something themselves with the event (as well as request a delay). For services, we are introducing a hook that will run when there is a refresh available and about to be performed. The hook will get information about the refresh, and then the hook can notify the user or ask the user if they want to do the refresh if there is some form of interactive component (think like a kiosk or a webpage management thing), and finally the hook can actually delay the refresh for up to 48 hours, I think, giving the service a chance to handle some stuff before the refresh is performed.

4 Likes
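The three replies above describe the decision rule: processes launched through snap run land in a per-snap tracking cgroup, services launched by systemd do not, and a refresh proceeds only when the tracking set is empty. The script below is an added illustration of that rule, not snapd's own code. It assumes (an assumption, check a real host with cat /proc/PID/cgroup) that a snap run launch lives in a transient scope named snap.SNAP.APP-UUID.scope and a daemon in a systemd unit named snap.SNAP.SVC.service; the process table it evaluates is constructed inline.

```shell
#!/bin/sh
# Added example, not snapd's own code: a model of how refresh-app-awareness
# decides whether a snap is "in use", built from the description in the posts
# above. Assumed cgroup naming (an assumption, verify on your host with
# `cat /proc/<pid>/cgroup`):
#   app started via `snap run`  -> transient scope snap.<snap>.<app>-<uuid>.scope
#   service started by systemd  -> unit            snap.<snap>.<svc>.service
# A "table" is text with one "<pid> <cgroup-path>" line per process.

# On a real Linux host (cgroup v2), build the table from /proc.
# Not used by the constructed sample below.
live_cgroup_table() {
    for p in /proc/[0-9]*; do
        cg=$(sed -n 's/^0::\(.*\)$/\1/p' "$p/cgroup" 2>/dev/null) || continue
        [ -n "$cg" ] && echo "${p#/proc/} $cg"
    done
}

# PIDs of snap $1 sitting in a snap-run tracking scope (desktop and CLI apps alike)
snap_tracked_pids() {
    printf '%s\n' "$2" | grep -E "/snap\.$1\.[^/]+\.scope$" | awk '{print $1}'
}

# PIDs of snap $1 under systemd-managed service units (ignored by the feature)
snap_service_pids() {
    printf '%s\n' "$2" | grep -E "/snap\.$1\.[^/]+\.service$" | awk '{print $1}'
}

# The refresh decision: empty tracking set -> proceed, otherwise defer
refresh_decision() {
    if [ -z "$(snap_tracked_pids "$1" "$2")" ]; then
        echo proceed
    else
        echo defer
    fi
}

# Constructed sample table (not captured from a real system). Note the
# headless Nextcloud case from the thread: services only, so its refresh
# is never held back by this feature.
SAMPLE_TABLE='2301 /user.slice/user-1000.slice/user@1000.service/app.slice/snap.firefox.firefox-3f1c0f4e.scope
2345 /user.slice/user-1000.slice/user@1000.service/app.slice/snap.firefox.firefox-3f1c0f4e.scope
1102 /system.slice/snap.nextcloud.apache.service
1150 /system.slice/snap.nextcloud.mysql.service
1201 /system.slice/snap.lxd.daemon.service
2888 /user.slice/user-1000.slice/user@1000.service/app.slice/snap.lxd.lxc-9b2d11aa.scope'

for s in firefox nextcloud lxd thunderbird; do
    tracked=$(snap_tracked_pids "$s" "$SAMPLE_TABLE" | tr '\n' ' ')
    services=$(snap_service_pids "$s" "$SAMPLE_TABLE" | tr '\n' ' ')
    echo "$s: tracked=[$tracked] services=[$services] -> $(refresh_decision "$s" "$SAMPLE_TABLE")"
done
```

The lxd row shows the mixed case: its daemon alone would let a refresh proceed, but an operator mid-way through an lxc command (a CLI app, no desktop file) holds it back, which is exactly the distinction asked about in the thread.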

You’re right that it’s a very strange position for a security-oriented person to argue. However, the experience I’ve had with matterhorn has not been good and it only rarely gets updates. Every time it dies when I open an attachment, I think that I ought to switch away from the snap to something I manage myself.

But matterhorn is one little application – Firefox is used by tens of millions of people, it is updated far more often, and I absolutely do not want my matterhorn experience writ large across millions of Firefox users.

It sounds like the Firefox situation will be less painful than the matterhorn situation because of packaging choices. Good.

It sounds like most people get notifications when these updates are available. Good.

I think snap needs to ship the refresh-app-awareness switch; I think this should have been done several years ago. I still think snap needs to address upgrades in a more holistic way – this is, after all, the number one complaint I hear about snap from everyone who has considered snap and then discarded it. But that’s a larger conversation than just the Firefox snap.

Thanks

3 Likes

Good, I have been using the snap version for a long time and have been very happy with it. I am also a Thunderbird snap user, and hope that will replace the .deb file soon; that has been a very good and solid user experience on my end.

7 Likes

@kyrofa whilst we do relax the snap sandbox to allow firefox to implement its own sandbox, this is still an additional (but more relaxed) layer of confinement compared to a deb/native binary running with no additional confinement - so things like restricting access to dot files (like ~/.ssh / ~/.gnupg etc) still get enforced for a firefox snap, which doesn’t happen with the old firefox deb etc. Things like apparmor prompting or better advances in seccomp filtering, or perhaps even Landlock etc could allow more fine-grained and user-responsive confinement in the future too.

6 Likes

Will Firefox snap (and others like Chromium) be updated to use only Yaru light and dark? Since 21.10 does not have mic theming any more.

This set of AppArmor rules is effectively a union of the permissions needed by Chrome’s sandbox with those needed by Firefox’s. Chrome/Chromium definitely needs it for its setuid root chrome-sandbox executable, but it’s not clear Firefox is using anything similar (it .

Maybe it would be better to have separate options for Chrome sandbox vs. Firefox sandbox, but it is worth remembering that there are other things in place to mitigate problems:

  • The base AppArmor template includes a whitelist of executables from the coreNN base snap that Firefox will be able to execute, which should prevent it from running the setuid executables found there.
  • The automated checks in review-tools check to make sure snaps don’t unexpectedly ship their own setuid or setgid executables. The override allowing the Chromium snap to ship chrome-sandbox does not automatically extend to the Firefox snap.

Does that help?

3 Likes
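The second bullet above relies on review-tools flagging any setuid or setgid executable a snap ships. The script below is an added example of that kind of check, written here and not taken from review-tools or the Firefox snap; it walks an unpacked snap tree (for a real install, the mount point /snap/NAME/current is an assumption to verify on your host) and reports any regular file carrying a setuid or setgid bit. The tree it inspects is constructed inline in a temporary directory.

```shell
#!/bin/sh
# Added example, not review-tools' own code: flag setuid/setgid files in an
# unpacked snap tree, in the spirit of the review-tools check quoted above.
# A snap is expected to ship none; a non-empty result is a review finding.
# Example invocation on a real host (mount path is an assumption):
#   setid_verdict /snap/firefox/current

# Print the path of every regular file under $1 with the setuid or setgid bit.
# -perm -4000 / -perm -2000 are POSIX find tests for "these bits are set".
find_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Print "clean" when the tree ships no setuid/setgid files, "finding" otherwise.
setid_verdict() {
    if [ -z "$(find_setid_files "$1")" ]; then
        echo clean
    else
        echo finding
    fi
}

# Constructed sample tree (not a real snap): one ordinary executable, one
# setuid helper named after the Chromium case in the thread, one setgid lib.
SAMPLE_TREE=$(mktemp -d)
mkdir -p "$SAMPLE_TREE/bin" "$SAMPLE_TREE/lib" "$SAMPLE_TREE/empty"
printf '#!/bin/sh\nexit 0\n' > "$SAMPLE_TREE/bin/browser"
cp "$SAMPLE_TREE/bin/browser" "$SAMPLE_TREE/bin/chrome-sandbox"
cp "$SAMPLE_TREE/bin/browser" "$SAMPLE_TREE/lib/helper"
chmod 755 "$SAMPLE_TREE/bin/browser"
chmod 4755 "$SAMPLE_TREE/bin/chrome-sandbox"   # setuid
chmod 2755 "$SAMPLE_TREE/lib/helper"           # setgid

echo "setuid/setgid files under $SAMPLE_TREE:"
find_setid_files "$SAMPLE_TREE"
echo "verdict: $(setid_verdict "$SAMPLE_TREE")"
```

Run against a real snap mount the same function answers the question the post raises: whether the Chromium override has silently spread to another snap. Combine it with the base-snap executable whitelist mentioned in the first bullet, since a setuid binary the snap cannot exec is a smaller concern than one it ships itself.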

Simple long-time-snap-user point of view:

  • snaps do work well now
  • Firefox snap works very well & I did not notice any slowdown
  • except during 1st startup, but waiting 1 or 2 seconds per day seems acceptable to me
  • I did install Debian 11 on another laptop recently and snaps allow using this OS with updated software
  • Thunderbird 91 snap (I installed 21.10 on my laptop, so that’s not an upgrade) works very well nowadays (the new-profile-on-upgrade bug patch is on the go)

BUT:

  • I should have the choice to avoid automated snap upgrades without manually holding refresh
  • at least be notified of snap upgrades that have been made
  • background upgrades while using an upgraded app is a big issue (I agree this should be effective now)
  • there are still some fontconfig cache caveats (new 21.10 install, VLC snap was not starting until I deleted the fontconfig cache, and only because I knew the trick; that’s far from obvious, including for an experienced user)
  • snap-store snap is still so buggy (at the moment, stable or edge versions do not find any updates on my PC, sometimes tell me that I do not have an Internet connection, and so on…)
  • there are still some ugly font issues, for whatever reason, that have lasted for years now (here LO but the same thing happens sometimes with snap-store for example)
    [screenshot]
  • Debian 11 is very, very superior from a user’s POV for the update system because everything relies on GNOME Software (deb, snap, firmware), which works and notifies any basic user (= my wife) very cleanly

5 Likes

Snap is slow, and a browser can’t be slow

I have been using the Firefox snap since it was released. It is a bit slow on start, but after that you won’t notice the difference

Does H/W acceleration work? I remember Chromium snap rendering everything on CPU. And that https://forum.snapcraft.io/t/gpu-support-proposal/11247 is still unresolved?

1 Like

How can I check that?
I know about:support but don’t know if this info is included correctly.

Yes, there is a ‘graphics’ section in about:support with detailed information on the use of your GPU.

[screenshot]

but:

[screenshot]

What does that mean?

2 Likes

Regarding the ugly fonts, I have submitted on Snapcraft but it seems to have not really been answered yet.

2 Likes

Just checked FF snap on my machine and animations and videos don’t load the CPU – very nice!

4 Likes

If this is not documented, it should be. If it already is, do you have a link handy? We should share this more.

It will be documented when we make the feature non-experimental. We could probably start writing that documentation now, though, and just not publish it on the docs site, leaving it on the forum until it’s ready.