TIL: It is 2026 and you still can not run Snaps in strict mode on Debian-based systems

Lemmchen@feddit.org · edit-2 1 day ago

TIL: It is 2026 and you still can not run Snaps in strict mode on Debian-based systems

adarza@lemmy.ca · 13 hours ago

have you actually looked at a snap’s status?

root@cave:~# lsb_release -d
Description:    Debian GNU/Linux 13 (trixie)
root@cave:~# uname -r
6.12.88+deb13-amd64
root@cave:~# snap debug sandbox-features|grep confinement
confinement-options:  classic devmode
root@cave:~# snap debug confinement
partial
root@cave:~# aa-enabled
Yes
root@cave:~# snap info --verbose hello-world
name:    hello-world
summary: The 'hello-world' of snaps
health:
  status:  unknown
  message: health has not been set
publisher: Canonical✓
contact:   snaps@canonical.com
links:
  contact:
    - mailto:snaps@canonical.com
license: unset
description: |
  This is a simple hello world example.
commands:
  - hello-world.env
  - hello-world.evil
  - hello-world
  - hello-world.sh
notes:               
  private:           false
  confinement:       strict
  devmode:           false
  jailmode:          false
  trymode:           false
  enabled:           true
  broken:            false
  ignore-validation: false
snap-id:      buPKUD3TKqCOgLEjjHx5kSiCpIs5cMuQ
tracking:     latest/stable
refresh-date: today at 07:43 CDT
installed:    6.4 (29) 20.5kB -
root@cave:~# snap run hello-world.evil
Hello Evil World!
This example demonstrates the app confinement
You should see a permission denied error next
/snap/hello-world/29/bin/evil: 9: /snap/hello-world/29/bin/evil: cannot create /var/tmp/myevil.txt: Permission denied
root@cave:~#

Lemmchen@feddit.org · 13 hours ago

I tried running chromium, removing :home and was still able save and open webpages in ~/test.html. However, this happened through the native file picker dialog.