On my laptop I need to have software which is only available for Linux as a snap. This wasn’t a problem under Ubuntu, but now I have set up TW with GNOME and snapd is not in a main repo. Opi tells me that it’s a snappy repo.
Is there anything I should know before I pull the trigger? Any warnings? Any snapd conspiracy theory I should know about? I’m serious here. Security of my system is everything.
Thanks
And FWIW…is that software that definitely needs to run in the same environment as other software, or is an Ubuntu VM a possibility? (Might be easier than trying to glom the snap infrastructure onto a non-Ubuntu system?)
I’ve done a bit of websearching, and checked the -Factory ML and some others, and can’t find any documentable reference.
Apparently these conversations all happened on IRC/Matrix/etc.
(No, I’m not being sarcastic or anything)
In a Matrix discussion with one of the contributors for snapd on Fedora and openSUSE, he says the following:
Me:
Is the sandboxing/isolation/whatnot working, if somebody wants to use snap packages on openSUSE?
Them:
partially working
the sandboxing relies on AppArmor features that are not all necessarily upstreamed
and as openSUSE moves away from AppArmor to SELinux, the sandboxing will be the same state as other distros
which is to say, very basic seccomp filtering will work, but not much else
The openSUSE snapd package does not currently ship the SELinux policy module required to impose some degree of SELinux-based sandboxing either
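
One way to check on the machine itself what the contributor describes above (an added example, not part of the thread; `classify_confinement` is a hypothetical helper name). It combines the active LSM list from `/sys/kernel/security/lsm` with snapd's own verdict from `snap debug confinement`, which prints `strict`, `partial` or `none`.

```shell
#!/bin/sh
# Added example: report which MAC layer is active and what confinement
# level snapd itself says it can enforce on this host.

# classify_confinement LSM_LIST SNAP_LEVEL
#   LSM_LIST    comma-separated LSMs, as found in /sys/kernel/security/lsm
#   SNAP_LEVEL  output of `snap debug confinement`, or empty if unavailable
# Prints "mac=<apparmor|selinux|none> snapd=<strict|partial|none|unknown>".
# Returns 0 only when snapd reports strict confinement.
classify_confinement() {
    case ",$1," in
        *,apparmor,*) mac=apparmor ;;
        *,selinux,*)  mac=selinux ;;
        *)            mac=none ;;
    esac
    case "$2" in
        strict|partial|none) level=$2 ;;
        *)                   level=unknown ;;
    esac
    echo "mac=$mac snapd=$level"
    [ "$level" = strict ]
}

# Live check: both reads tolerate a missing file or a missing snap binary.
lsm_list=$(cat /sys/kernel/security/lsm 2>/dev/null || true)
snap_level=$(snap debug confinement 2>/dev/null || true)

if classify_confinement "$lsm_list" "$snap_level"; then
    echo "snapd reports strict confinement on this host"
else
    echo "snapd does not report strict confinement; snaps run with a reduced sandbox"
    # Lists the individual sandbox features snapd detected, if snapd is installed.
    snap debug sandbox-features 2>/dev/null || true
fi
```

A non-zero status from `classify_confinement` can gate an install script, so a snap is only installed where snapd reports `strict`.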