
Ubuntu 24.10 To Enhance Snap Permissions Handling


  • #11
    Originally posted by MadWatch
    Now if they could get rid of that annoying automatic update system then Snap might begin to be good.
    I actually want my snap / flatpak apps to upgrade automatically. For flatpaks I end up creating a systemd timer to do it, but it would be nice if it was a built in option. When your web browser that is the largest attack surface on your machine is packaged this way, auto updates are a good thing.



    • #12
      Can I install snaps without sudo rights yet?



      • #13
        Originally posted by MadWatch
        Now if they could get rid of that annoying automatic update system then Snap might begin to be good.
        and the mount point spam



        • #14
          Originally posted by MadWatch
          Now if they could get rid of that annoying automatic update system then Snap might begin to be good.
          You can now completely turn off automatic updates of snaps:
          Snaps are containerised software packages that are simple to create and install. They auto-update and are safe to run. And because they bundle their dependencies, they work on all major Linux systems without modification.



          • #15
            Originally posted by pWe00Iri3e7Z9lHOX2Qx

            I actually want my snap / flatpak apps to upgrade automatically. For flatpaks I end up creating a systemd timer to do it, but it would be nice if it was a built in option. When your web browser that is the largest attack surface on your machine is packaged this way, auto updates are a good thing.
            Remember you won't get those updates until you restart all of your running Flatpaks anyway. How do you know when your Systemd timer has updated something? Does it send you any notification? I like how KDE's Discover notifies me about updates and don't mind doing it manually.



            • #16
              Originally posted by tesfabpel

              Flatpak already has it. With Flatseal you can also manage it via a GUI app (without using the command line).
              Permission granularity is kind of a joke.
              And it is pointless as flatpak has numerous sandbox problems; hint: don't use it for security - it is just a distribution tool.



              • #17
                Originally posted by royce

                That's probably down to how the binaries were compiled for each flatpak and snap versions. Once they're running, there's basically zero overhead.
                I see. So there's basically no performance penalty running an app through Snap/Flatpak compared to the native installation? Thank you very much for sharing the info and confirming what I've heard from some other users.



                • #18
                  Originally posted by moonwalker
                  Our company actually develops a product based on Ubuntu, and Snap has been a major PITA for that. There are environments our product has to run in that don't have Internet access, yet still need to have software regularly updated with any security fixes, and Canonical has no solution for that right now other than selectively pulling specific packages from snap store and side-loading them into a standalone snap proxy instance. I've also heard Canonical claiming that shipping Firefox as a snap is Mozilla's requirement, but why does Mozilla then serve their own APT repo now? Either way, on my work laptop (where I run Ubuntu because our corp IT doesn't allow running Debian) I just have an APT pin to set `snap` priority to -1, making sure it never gets installed once it is purged from the system.
                  Why don't you use AppImage instead?



                  • #19
                    Originally posted by pWe00Iri3e7Z9lHOX2Qx

                    I actually want my snap / flatpak apps to upgrade automatically. For flatpaks I end up creating a systemd timer to do it, but it would be nice if it was a built in option. When your web browser that is the largest attack surface on your machine is packaged this way, auto updates are a good thing.
                    On the contrary, I hate automatic updates, because they can interrupt my workflow.
                    I prefer to be notified of available updates and launch them myself, at a time that doesn't interrupt anything.
                    This is basically what happens on my Tumbleweed KDE.



                    • #20
                      Originally posted by moonwalker
                      Our company actually develops a product based on Ubuntu, and Snap has been a major PITA for that. There are environments our product has to run in that don't have Internet access, yet still need to have software regularly updated with any security fixes, and Canonical has no solution for that right now other than selectively pulling specific packages from snap store and side-loading them into a standalone snap proxy instance. I've also heard Canonical claiming that shipping Firefox as a snap is Mozilla's requirement, but why does Mozilla then serve their own APT repo now? Either way, on my work laptop (where I run Ubuntu because our corp IT doesn't allow running Debian) I just have an APT pin to set `snap` priority to -1, making sure it never gets installed once it is purged from the system.
                      Mozilla doesn't have their own APT repository, the repo is named "The Mozilla Team" because it is done by the Ubuntu Mozilla Team, aka this is a PPA provided by Ubuntu for those that prefer to use the apt over the Snap but in a way where Snap is the default and you have to jump through hoops to use the apt version.

                      If your machines don't have Internet access then the need for security updates is quite low to be frank. That said, this is an issue regardless of whether you use snap, any other container format or rpm/apt. And Snap has a download function so you can download the snaps on an Internet connected machine and then transfer the files to the non Internet connected machine via say a flash drive and then install it locally with "snap install /path/to/the/snap", so exactly like you would do it with apt or rpm.

                      Originally posted by AkulaMD

                      I see. So there's basically no performance penalty running an app through Snap/Flatpak compared to the native installation? Thank you very much for sharing the info and confirming what I've heard from some other users.
                      Yes, snaps are native versions so we are not talking about something that is virtualized or emulated, it's just how it is packaged that is different.
                      Last edited by F.Ultra; 11 September 2024, 03:54 PM.
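
The offline transfer described in post #20, as an added example that is not part of the thread or any poster's own code: `snap download` writes a `.assert` file (the store's signed assertions) next to each `.snap`, and acknowledging it with `snap ack` before `snap install` keeps signature verification on the air-gapped host instead of falling back to `--dangerous`. The function name `plan_sideload` and the fail-closed policy are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: plan a verified sideload of snaps carried to an offline host.
# On the connected machine, `snap download NAME` produces NAME_REV.snap and
# NAME_REV.assert. The assertions bind the file's digest to the store's
# signature; a .snap installed without them needs --dangerous (unverified).

# plan_sideload FILE.snap...
# Prints the commands to run on the offline host, in the order given.
# Pass files in install order (assumption: any base snap an app needs is
# listed before that app, since the offline host cannot fetch it).
# Returns 1 if any file lacks its .assert, so callers can fail closed.
plan_sideload() {
    rc=0
    for snap in "$@"; do
        assert="${snap%.snap}.assert"
        if [ -f "$snap" ] && [ -f "$assert" ]; then
            printf 'snap ack %s\n' "$assert"
            printf 'snap install %s\n' "$snap"
        else
            # Refuse rather than emit an unverified install command.
            printf 'skip %s: .snap or .assert missing; installing it would need --dangerous\n' \
                "$snap" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Stand-alone use: ./plan.sh /media/usb/core22_*.snap /media/usb/firefox_*.snap
if [ "$#" -gt 0 ]; then
    plan_sideload "$@"
fi
```

Review the printed commands, then run them as root on the offline machine; a non-zero exit means at least one snap arrived without its assertions and should be downloaded again.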
