FWIW, snaps are sandboxed on any system that uses AppArmor, which includes most Debian or SuSE based distros. There’s also a partial implementation of the sandboxing for SELinux, but the different model makes doing a complete implementation problematic.
Is that sandboxing graphically available like with Flatpak? To my knowledge it required Apparmor patches but that these are upstreamed is a good info. The SELinux implementation sounds interesting, but well… I dont see the point?
Yes, that sandboxing works with graphical apps in addition to CLI apps and services, and there are several graphical applications that allow you to select connections for snapped apps, including KDE Discover.
The SELinux implementation is primarily there to ensure that SELinux’s enforcement doesn’t break snapped apps, but a side effect of the different model compared to AppArmor’s means that filesystem based sandboxing is only partial. And, of course, if the system has SELinux in permissive mode snapd won’t force it into enforcing mod. Specific vary from system to system, but it means that the filesystem isolation isn’t as good under SELinux as it is under AppArmor. Most of the sandboxing is done through cgroups, though, which is not dependent on whether one uses SELinux or AppArmor.
FWIW, snaps are sandboxed on any system that uses AppArmor, which includes most Debian or SuSE based distros. There’s also a partial implementation of the sandboxing for SELinux, but the different model makes doing a complete implementation problematic.
Is that sandboxing graphically available like with Flatpak? To my knowledge it required Apparmor patches but that these are upstreamed is a good info. The SELinux implementation sounds interesting, but well… I dont see the point?
selinux support doesn’t actually work. The point was to present snap as portable when it is not.
Bubblewrap on the other hand…
Works on any Linux kernel in the past like decade, yes.
Damn.
Yes, that sandboxing works with graphical apps in addition to CLI apps and services, and there are several graphical applications that allow you to select connections for snapped apps, including KDE Discover.
The SELinux implementation is primarily there to ensure that SELinux’s enforcement doesn’t break snapped apps, but a side effect of the different model compared to AppArmor’s means that filesystem based sandboxing is only partial. And, of course, if the system has SELinux in permissive mode snapd won’t force it into enforcing mod. Specific vary from system to system, but it means that the filesystem isolation isn’t as good under SELinux as it is under AppArmor. Most of the sandboxing is done through cgroups, though, which is not dependent on whether one uses SELinux or AppArmor.