
Ubuntu 24.10 To Enhance Snap Permissions Handling


  • Ubuntu 24.10 To Enhance Snap Permissions Handling

    Phoronix: Ubuntu 24.10 To Enhance Snap Permissions Handling

    With the upcoming Ubuntu 24.10 release, Canonical is introducing permission prompting for more control over Snap access to systems to enhance security...


  • #2
    Canonical really improved my snap experience when they convinced me to switch to Fedora to avoid snaps.


    • #3
      Now if they could get rid of that annoying automatic update system then Snap might begin to be good.


      • #4
        Good, this is sorely needed for Snap and Flatpak.


        • #5
          I have to admit, this does look slick. Snap's continued reliance on AppArmor is why Flatpak has already won though. I don't want to have to install a custom kernel with whatever AppArmor patches are needed, and make sure my AppArmor user-space is specially configured to work right.

          I do have AppArmor enabled in my kernel and user-space on my Gentoo system but it's almost certainly not the right versions that Ubuntu uses (Gentoo's own release monitoring even says it's outdated: https://packages.gentoo.org/packages/sys-apps/apparmor)

          It wouldn't run on my system anyway, whereas Flatpak does, because Snap needs Systemd just to mount a squashfs file. I could perhaps use an LXC container as a workaround if I could figure out a) how to get GUI apps to run in it and b) how to get snapd to run in it (it doesn't seem straightforward to run in a container) but why bother when Flatpak works fine.


          • #6
            Originally posted by hyperchaotic
            Good, this is sorely needed for Snap and Flatpak.
            Flatpak already has it. With Flatseal you can also manage it via a GUI app (without using the command line).


            • #7
              Our company actually develops a product based on Ubuntu, and Snap has been a major PITA for that. There are environments our product has to run in that don't have Internet access, yet still need to have software regularly updated with any security fixes, and Canonical has no solution for that right now other than selectively pulling specific packages from snap store and side-loading them into a standalone snap proxy instance. I've also heard Canonical claiming that shipping Firefox as a snap is Mozilla's requirement, but why does Mozilla then serve their own APT repo now? Either way, on my work laptop (where I run Ubuntu because our corp IT doesn't allow running Debian) I just have APT pin to set `snap` priority to -1, making sure it never gets installed once it is purged from the system.


              • #8
                Glad to hear the news. As a Linux user with a beginner level of proficiency, the thing I like about Snap as opposed to Flatpak is that it gives me an extra 1 fps in the OpenRA game (30fps vs 29fps) while running on my Raspberry Pi 5 4GB RAM version, despite the noticeably longer time taken to launch the game compared to Flatpak.


                • #9
                  Originally posted by moonwalker
                  Our company actually develops a product based on Ubuntu, and Snap has been a major PITA for that. There are environments our product has to run in that don't have Internet access, yet still need to have software regularly updated with any security fixes, and Canonical has no solution for that right now other than selectively pulling specific packages from snap store and side-loading them into a standalone snap proxy instance.
                  It seems like you should be using a different packaging mechanism than snap then.


                  • #10
                    Originally posted by AkulaMD
                    Glad to hear the news. As a Linux user with a beginner level of proficiency, the thing I like about Snap as opposed to Flatpak is that it gives me an extra 1 fps in the OpenRA game (30fps vs 29fps) while running on my Raspberry Pi 5 4GB RAM version, despite the noticeably longer time taken to launch the game compared to Flatpak.
                    That's probably down to how the binaries were compiled for each flatpak and snap versions. Once they're running, there's basically zero overhead.
