The sandbox isn’t a singular feature. Turning off the explicit sandbox features is devmode.

Classic is also turning off e.g., the Mount Namespace. This lets your snap view the filesystem as if it were installed natively, and therein lies the issue, your snap is now exposed to a foreign environment and becomes at increased risk of breakage due to the host.

On a more specific technical level, that means using e.g., binary patching for runpath VS relying on the Mount Namespace to rewrite e.g., /usr/lib, which wouldn’t be doable without breaking the GPG checksum - the maintainer would have to explicitly repackage this as a classic snap.

Some ecosystems fare better than others for classic snaps. To me, and possibly somewhat incorrectly, I view classic snaps as AppImages with a Daemon to manage them, because they’re very similarly conceptually.

But that’s why the sandbox can’t just be disabled. It isn’t a singular thing and to do it to the extent of classic requires engineering the package for it, some won’t be suitable, since strict avoids entire leagues of problems and has certain functionality that classic also doesn’t, like layouts! Another Mount Namespace thing, or extensions for e.g., Gnome/KDE runtimes.

You can force devmode on strict packages, but you can’t force classic.

Basically. Snaps undergo a rigorous amount of testing and justification if they’re to be allowed in classic confinement due to the security risks involved.

There’s another way to give snaps access to directories, and that’s through a Layout Bind. For instance, in order to give a snap I maintain access to the ALSA stack:

layout:
  /usr/share/alsa:
    bind: $SNAP/usr/share/alsa

This essentially creates a symlink in the snap to /usr/share/alsa so that the snap can read that directory, in this case, for MIDI connections.

However, giving snaps unfettered access to any file other than in $HOME requires classic confinement. One such snap that has that is Microsoft Visual Studio Code. Another is the installer subiquity and its frontend, ubuntu-desktop-bootstrap. Another is snapcraft itself. You can understand why those might require it, but they have to be from a trusted source and thoroughly reviewed so that they have nothing malicious. These typically require a formal request in forums.snapcraft.io.

And, of couse, @James-Carroll beat me to it.

Thanks to @James-Carroll and @eeickmeyer for chiming in and educating us folks unfamiliar with what’s under the hood so to speak. That really helps.

@paddylandau mentioned the GEdit Snap not being able to access systemwide files (which we often use editors for) as well as $HOME/bin (which seems odd). It seems that Microsoft Visual Studio Code got granted classic confinement for this purpose. Why not GEdit?

Desktop team hasn’t applied for it? That’s the only thing I can think of. Like I said, it requires an explicit request on the Snapcraft Forums.

Furthermore, it has to be explicitly installed with the --classic option as well if it has classic confinement, so it’s not as easy as clicking “install”.

As @James-Carroll suggested, one might be able to install it using --devmode which would give it better access, or even switch it with sudo snap refresh --devmode gedit.

Well I found the bug @paddylandau made on the subject. @seb128 seems to identified the problem and suggested some solutions. No movement in 4 years. Similar to the complaints @paulw2u had above. I’m just confused as to why this hasn’t been given more attention. Perhaps because people don’t know how to file bugs against Snaps? Perhaps because developers don’t know where to look for the bugs? I’m scratching my head on this one.

Each snap has a place for which to file bugs. For gedit it’s a specific link to Launchpad which tags the bug as a snap.

Due to the fact that snaps might not come from a singular source, there can be no singluar place to report snap bugs. Remember, it’s not just for Ubuntu but for all Linux distributions. As described above, Thunderbird wants it on their bugzilla (same with Firefox), gedit wants it on Launchpad, etc.

It looks like @paddylandau filed the bug correctly. I cannot account for why it hasn’t been addressed.

@James-Carroll I sort of understood most of that in a fuzzy sort of way.

What you seem to be saying is that snaps inherently can never achieve the same level of usability as the .deb system.

QED. If it won’t ever work for the majority of normal users why even bother pursuing the concept? If it’s just about making things easier for app developers to offload their packages in a secure way that is understandable, it will promote innovation and new concepts easily.

It still boils down to what is best for the end user? By best I mean the most reliable and easy to use for the end user. Is the end goal for snap proponents just to make it more secure and easier for developers of apps? Is that what it’s all about? If that is the case then snaps and any other similar “solution” is dead in the water.

Without usability for the end user it’s a foregone conclusion that it will inevitably fail as a concept.

The devs are aware, but no action has been taken. I’m not sure why as now that gedit is no longer installed by default (in favor of GNOME Text Editor), the version that most people are installing is the snap.

With that, I bumped the issue.

I think I’d disagree it won’t work for the majority of normal users, it won’t work for all users certainly, but majority being the key word would be more than 50%. To be less pedantic and choose rougher and more realistic numbers, I imagine we’d like to say that was 90+, 95 maybe? As close as 99?

Ultimately the very concept of a sandbox is to deny something being possible, so as a thought experiment its impossible to ever both have a sandbox and also have “everything” available, the key is to what degree can we implement a sandbox that’s transparent, letting the majority of things get through whilst not being rendered unusable, and I think the technologies still have momentum to improve on that over time and would likely get to the point the layman wouldn’t be able to tell a difference. (Arguably, they already are at that point, and it’s people slightly above the layman who do things like symlink $HOME/documents to /media/ssd/documents who end up having the majority of issues, it’s a common example, and the correct solution is to use a bind mount, yet plenty of people will say it’s an insurmountable problem, and won’t ever stop popping up in support tickets).

– More Generally–

Personally my thoughts having being in the Snap community 6-7 years now is that a lot of this comes down to the community as much as the technology, at various levels.

E.G., Users keep repeating old news or half truths in social media. This is then repeated by more people elsewhere, until eventually you have more people reporting things don’t work than people who’ve actually seen those things not work. Some of that happens on Snapcraft owns forums, where you might e.g., have a thread with 100+ responses saying “This feature is lacking”, a response 80 posts down 3 years later saying “it’s added”, and posts 20 down beyond that several years later saying “How is this still not implemented?” (they didn’t read the update!).

We can see that to some degree here, there were 3 blogs posted in Snapcraft itself on the Firefox speed improvements (Firefox snap performance Part 3: significant startup improvements | Snapcraft) - that was 3 years ago now, and people still percieve Firefox to be how it was before any of this was ever done. The work on Firefox also impacted a lot of other snaps (E.G., it was related to Firefox that the Gnome/Kde extensions changed compression to LZO too, benefitting loads more snaps than just Firefox itself).

Of course, community is more than just the end users, another gripe to me personally is that the Snap Store is accumulating what politely sums up as “no-op bloat”, or less politely, garbage. The model of being open in allowing people to submit snaps results in 500+ “Hello World” snaps on the store (Hello world - you can make these invisible in 2 clicks, please do) or apps that historically would have worked decently but haven’t seen any updates in several years. To me, we’ve a problem of people being keen to upload snaps and a lack of people being keen to actually maintain them, it’s understandable when there’s been years between creation and retirement, but to me there needs to be a harder mantra establishing a person as responsible, both in the sense of that they’re technically competent and also that they’re making good faith efforts for the community in maintaining that package long term.

I say that as someone who’s had my own snaps re-uploaded by other users, then promptly abandoned, and now have to keep in mind 5 years later that there’s STILL broken duplicates of otherwise functional and maintained packages, and can peek at some of the usage logs to prove there’s still people using them. That’s a terrible position for us to be in as a software repository, why are we providing people with broken versions of existing packages? And generally broken packages at all. This is an awful user experience and isn’t insurmountable but IMO there’s very little being done about the consistently growing list of unmaintained snaps and they outgrow the list of well designed and functional ones.

To me, I think there’s a long term future for snaps to co-exist alongside traditional packaging (as other people have said, they wouldn’t exist without them) - and to use snaps selectively to bolster the existing classical distribution. Separately I think idea’s like Core Desktop are worth pursuing because going back to “Normal” users, I’ve absolutely installed Linux in past for ChromeOS-like user experiences and I think Ubuntu Core Desktop would be able to punch harder than ChromeOS in that area. I could easily imagine myself daily-driving a fully Snap powered desktop using LXD container workflows, other distributions are already enjoying fans.

Ultimately, it makes me upset that snap is both significantly more popular (in terms of absolute numbers of users, although naturally mostly Ubuntu inclined…) and less popular (in appeal), which in my experience as a packager leads to weird situations like having 3x the users of say equivilent Flatpaks, but 1% of the bug reports. That’s not to say I don’t have bugs, it’s more my snaps have bugs fixed that are identified in the Flatpak repositories first, after I include the Flatpak in my daily trawls, because for whatever reason the Flatpak community although smaller in absolute terms seems to have a much more successful interaction between each part of its overall community going on.

(To be fair, I do see a lot of feedback on "WHERE do I submit Snap bug reports?, so maybe there’s work to be done there, although frankly even as an Ubuntu user on and off for 20 years, it’s still not in my nature to use ubuntu-bug - it’s not obvious enough, that said, why doesn’t it work with Snaps? We’ve bug report meta data in snap.yaml and the store API’s now).

This is a bit wordy, and possibly going off tangeant, but hopefully someone found it interesting. In tl;dr fashion, my personal opinion now is that Snap has accidentally ended up in a position of quantity over quality and IMO it’s worth at a project level deciding that after 10 years it’s not an upstart project anymore, and begin transitioning to a more curated (but not overly so) model. That’s not to say I don’t want people to find it easy to begin working with and publishing snaps. But actually, it does need to be harder than it currently is with more ongoing curation, because the amount of damage that a person can do in ten minutes isn’t limited to the ten minutes they upload a snap and never come back, but the ten years its “yet another broken snap” still being shown to users; which isn’t going to stop unless intervention happens.

Final Thoughts

From the snap side, we should keep up with blogs, we should increase the blogs! We have things being repeated that aren’t true, and we have innovations happening that people don’t pick up on. Stuff like James Henstridge implementing an XDG Portal to benefit Flatpaks and Snaps regarding Web Browser Extensions - why do people see the world as Snap vs Flatpak? That’s literally a win for both and a great example of FOSS collaborating even with differences. Comments like “KeepassXC doesn’t work with snap Firefox” doesn’t have to be true and also isn’t in Ubuntu 22.04+ as of a few weeks ago. (It’ll still be true in some places and there’s work to be done, but it’s progress).

Things like the AppArmor patches being upstreamed in 6.15. Do the Arch Users now know they kave SNAPD_REEXEC enabled like Debian relatively recently now? And that with kernel 6.15, they would have fully confined sandbox like it was Ubuntu itself, technically able to use e.g., prompting-clients too (have we told people Prompting Client exists yet?)

Do people know about the ongoing work for LSM Security Stacking with SELinux, so we can have a world where a Fedora user with snapd gets AppArmor without having to disable SELinux from their base services? Because it’s a work in progress, and it shows that whilst the problems might not be easy to fix, they’re at least acknowledged.

We’ve a weirdly sticky stigma and whilst there are still valid technical problems, I think there’d be huge gains to be made in a better handle on the community side too, which is probably a bigger problem to long term adoption than the technical side alone.

snapping back

I think this conversation has actually been rather fruitful. Over the course of this conversation, we’ve discussed a lot of pros and cons with Snaps. I’m going to use a post above to highlight some of those things.

So I hope we can all see that there is a benefit to Snaps, despite their problems. That is true not only to developers but also to users.

enter sandbox

The first and last of that list are the two sides of a double edged sword: confinement. This is the sandbox. That’s not a developer advantage, that’s a user advantage. But it’s also a user disadvantage, too. It can also be a bit of a difficult thing to work through for developers. The good news is that this is not an insurmountable problem.

For a Snap to have access to the entire filesystem, that’s a bit of a sticky wicket that requires classic confinement, which in turns requires explicit approval given the possible security implications. Those don’t come easy, so that may be the reason why GEdit never got it. That, however, is a bit of an extreme example when you think about it. Most applications do not need access to the whole file system for any practical reason.

For the vast majority of Snaps, there are some ready-made solutions to access resources out of the sandbox. As @eeickmeyer pointed out, you can use a bind. There are also XDG Desktop Portals. This is how Firefox can manage to save screenshots and such.

bugging me

But this gets me back to the other issues: bugs. I’ve wrote about this elsewhere but there really is a problem with knowing where to report issues. There’s also cases of splitting discussions about Snaps, as is the case with GEdit, in particular. This really needs to be solved.

I know we can’t do this for all distros, but we can do it for Ubuntu flavors. We just need to modify ubuntu-bug to use the Snap metadata. I know @James-Carroll surprisingly doesn’t use it, but that’s what our documentation suggests to use.

@eeickmeyer did just add the little section to that documentation about Snaps but it misses a couple things. One, average users may not know the difference between a Snap and a Debian package. Two, it assumes there’s information there. I’m going to draw attention to one rather important Snap: element-desktop. Even when running snap info --verbose there isn’t a single bit of contact information whatsoever. It’s not in the repos of Ubuntu’s org on GitHub. It’s not in the repos of ~desktop-snappers. Yet we are recommending it in official documentation.

Also, Snap discussion in general is spread all over the place. There’s here, there’s the Snapcraft forum, there’s random little discussions happening here and there and everywhere. It’s hard enough for someone to figure out how to report a bug, let alone discuss things.

PR problems

I also agree with what James said above. There’s a certain image problem Snaps have in general because of all the garbage (let’s call it what it is) in the store and problems with transparency. I think we’re fighting a lot of battles about Snaps because it’s an uphill battle against all that old baggage. Just spitballin’, I could think of a couple fixes here:

1. Create tooling to go through through all the Snaps and compare against upstreams, removing outdated ones. Give some option to have the developer submit an update in x time period without further hassle, otherwise it is permanently removed.
2. Stricter requirements on metadata. Contact information is a requirement, not optional. By providing it, you are agreeing to manage support for the Snap at that location.
3. Make some “playground” (a different kind of sandbox, no?) where budding Snappers can put up their examples for people to play with. Maybe even a separate kind of store.
4. Increase the bar just a little bit more on new entries in the store. At the very least, compare them against other Snaps. We shouldn’t have dupes.
5. I’m sure this will be contentious but there’s no bad idea in a brainstorm, right? Make an option to “flag” a Snap as unmaintained so that a human can give it a once over and make sure everything is in order. If not, give them x time to update or remove it permanently.
6. After doing all this refinement, make a big, huge public announcement and repeat it on all the places making it clear this is a new age of Snaps and Snapcraft. Gone is the old way. In with the new. Encourage those who had problems to try again.

@wxl @James-Carroll @eeickmeyer ,
Thank you all for your very thoughtful and well-presented thoughts on snaps and their past development and future direction. As I previously said, in order for snaps to be universally accepted I believe the emphasis needs to be far more biased towards usability for the end user rather than the more technical side of the ins and outs.
For instance, @James-Carroll espouses the use of “bind mounts” to overcome the limitations of directory and file access out of the sandbox.
How many ordinary desktop users even know what a bind mount is?
Perhaps when a user enters the apps store of snaps, a prominent notice pointing out how to do various things and the undoubted security advantages of using snaps may be useful.

Proponents really cannot expect the average desktop user to delve into the inner workings of the operating system just to do simple tasks.

The problem is an old one, the long-time and experienced operators just cannot get their heads around what it is to be a non-technical average Joe or Josephine because they have all this accumulated knowledge in the back of their heads. It is impossible for them to have a blank sheet experience as a new user. It’s a communication problem basically.

All the other issues can be ironed out between the app developers and the administrators, this fundamental one is the issue that will make or break the snap (or any other) ecosystem.
Cheers Tony

Those technical solutions mentioned here were not suggested as a solution users could use, but ways developers could fix these problems.

I think we are all in agreement that whatever technology we create needs to be user friendly and it should be assumed that the target user doesn’t know their terminal from their elbow.

Well… among the various reasons for this phenomenon, one of them is undoubtedly that some backend components are closed source.

Another reason is that unfortunately, some decisions by Canonical led to their products not being very well regarded by the communities. Even today, several years after the link to Amazon was removed from Ubuntu, communities continue to refer to this situation to argue that Canonical puts spyware in Ubuntu, even though this is not true. So, in my opinion, Canonical has an image problem within the communities. I believe that making the snaps backend 100% open source could be an important step towards reconciliation with the Linux community.

As a none technical ubuntu user when it comes to subjects like packaging of apps. I just wanted to say that this was a most interesting discussion. Thank you to those with the intimate knowledge of snaps for sharing their wisdom. Genuinely educational for an ordinary end user like me. Much appreciated.

OK, looks like we need another warning.

These threads tend to get heated, and sometimes hostile language is used.

There will be no insulting of companies or packaging methods here. If you have nothing nice to say, don’t say anything.

There’s a difference between insulting and offering constructive criticism. Insulting would be against the Code of Conduct, specifically “Be respectful.”

Additionally, any points that have been made here or in other topics about snaps vs flatpaks vs debs will be flagged and removed, or anything that insults Canonical as a company. This Discourse is their workplace. How would you like it if someone walked in to your workplace and hurled insults at your company?

This will be the only warning. Future comments that do the above will be promptly removed.

Setting 1 hr slow mode.

Which ones are those?

From what I’ve read, they are components of the Snap Store backend, in fact, this is one of the reasons why other distros have chosen not to include snap support by default.

Links please.

There are proprietary Snaps (example: VS Code) but I’m confident snapd is open source. Actually, so is the Snap Store. And Snapcraft, the packaging tooling.

Maybe you’re confused about what you’re reading?

Thank you @eeickmeyer and @ian-weisser for the brilliant job moderating this thread.

https://www.reddit.com/r/Ubuntu/comments/fgnggx/why_isnt_the_ubuntu_snap_store_open_source/

PS:

@eeickmeyer

Sorry if what I said above was interpreted as an insult, that was not the intention in any way. I just mentioned an unfortunate reality, what I said happens in several communities, and it is possibly one of the reasons that also helps to explain the less “appeal” of the snaps that the author above mentions. I said it with good intentions, without the intention of offending anyone or any organization. It is by knowing the problems that we can overcome them.