Snaps: a failed experiment
Oliver Grawert
ogra at ubuntu.com
Tue Sep 23 18:57:37 UTC 2025
Hi,
On Tuesday, 23.09.2025 at 13:47 -0400, Paul Smith wrote:
> On Tue, 2025-09-23 at 16:48 +0000, Jeffery Small wrote:
> > Another Firefox snap problem I ran into a long long time ago
>
> According to this page, that problem is solved:
>
> https://snapcraft.io/docs/home-outside-home
>
> but I'm not sure it really works; this:
> https://bugs.launchpad.net/snapd/+bug/1620771
> is not marked as resolved yet.
>
The above has definitely been fixed for about a year; it is likely an
oversight that the bug was never closed. Nowadays your homedir can live
anywhere in the filesystem and be called /foo/bar/baz/$USER if you
want, you just need to set the corresponding snap system option...
> In addition to these issues there's this:
>
> https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1621102
>
This NFS with automount issue is very non-trivial and might even need
several kernel changes before being fully fixable...
> and this:
>
> https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1884299
>
This one is unlikely to ever be fixed due to the nature of apparmor and
filesystems on which it simply cannot verify the integrity of a
symlink target by design, so the only thing it *can* do is to deny
access (any malicious app could just randomly create symlinks even
without being root to gain access to system resources outside of the
sandbox and i.e. sniff your passwords or grab your private ssh keys).
This is easily worked around by using bind mounts instead of symlinks
though (which is also generally safer since only an admin can create
them)...
Snaps do 100% rely on in-kernel technologies for their confinement and
sandboxing, that makes absolutely sure you have no performance impact
at runtime while yet still getting 100% mediation from the kernel
features for any access to any resource on the system ...
While this is an awesome concept it also makes changes really hard and
time intensive since you often need to change things in the kernel
itself before a final fix in snapd is possible ...
Along with that, snaps are quite a commercial success in industrial,
medical, IoT, robotics, automotive and even enterprise computing.
Any conceptual changes (even small ones) must make 100% sure to be
regression free since you do not really want to screw up that
controller device on that cooling pump in your next door nuclear power
plant via an OTA update or have people die because the life-support
machine keeping them alive has a "hiccup" ... so turnaround times for a
change are usually a lot longer due to more testing and verification in
general and more specifically also certification against such critical
systems before it can land in a stable release.
ciao
oli
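
The symlink-to-bind-mount workaround mentioned in the message above, as an added example that is not part of the original post or of snapd: it lists the symlinked directories directly under a home directory and prints the /etc/fstab bind line that could replace each one. The function names are hypothetical, GNU `readlink -f` is assumed, and nothing is mounted or changed.

```shell
#!/bin/sh
# Added example (not from the original message): find symlinked directories
# directly under a home directory and print the /etc/fstab bind-mount entry
# an admin could use instead. Read-only: the output is only a proposal.
# To apply an entry, the admin removes the symlink, creates an empty
# directory at the same path, adds the line to /etc/fstab and mounts it.

# fstab fields are whitespace-separated, so a space inside a path has to be
# written as the octal escape \040.
fstab_escape() {
    printf '%s' "$1" | sed -e 's/ /\\040/g'
}

# bind_lines_for HOME_DIR
# For each symlink directly inside HOME_DIR (dotfiles included) that
# resolves to an existing directory, print:
#   <resolved target> <path of the symlink> none bind 0 0
# Dangling symlinks and symlinks to regular files are skipped.
bind_lines_for() {
    home=$1
    for entry in "$home"/* "$home"/.[!.]*; do
        [ -L "$entry" ] || continue      # only symlinks are of interest
        [ -d "$entry" ] || continue      # target must be a real directory
        target=$(readlink -f -- "$entry") || continue
        printf '%s %s none bind 0 0\n' \
            "$(fstab_escape "$target")" "$(fstab_escape "$entry")"
    done
}

# Stand-alone use: pass the home directory to inspect as the first argument.
if [ $# -gt 0 ]; then
    bind_lines_for "$1"
fi
```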