Snap is a software deployment and package management system. The packages are called 'snaps' and the tool for using them is 'snapd', which works across a range of Linux distributions and allows, therefore, distro-agnostic upstream software deployment. Snap was originally designed and built by Canonical.
snapd is a REST API daemon for managing snap packages. Users can interact with it by using the snap client, which is part of the same package.
Install the AUR or the AUR package.
snapdinstalls a script in
/etc/profile.d/snapd.shto export the paths of binaries installed with the snapd package and desktop entries. Reboot once to make this change take effect.
Since version 2.36,
snapd enabled AppArmor support for Arch Linux. In order to use it, you have to enable AppArmor in your system, see AppArmor#Installation.
develmode which mean they will have same, unrestricted access to your system as apps installed from Arch Linux repositories.
If you are using AppArmor:
$ systemctl enable --now apparmor.service $ systemctl enable --now snapd.apparmor.service
The snap tool is used to manage the snaps.
To find snaps to install, you can query the Ubuntu Store with:
$ snap find searchterm
Once you found the snap you are looking for you can install it with:
# snap install snapname
This requires root privileges. Per user installation of snaps is not possible, yet. This will download the snap into
/var/lib/snapd/snaps and mount it to
/var/lib/snapd/snap/snapname to make it available to the system.
It will also create mount units for each snap and add them to
/etc/systemd/system/multi-user.target.wants/ as symlinks to make all snaps available when the system is booted.
Once that is done you should find it in the list of installed snaps together with its version number, revision and developer using:
$ snap list
You can also sideload snaps from your local hard drive with:
# snap install --dangerous /path/to/snap
To update your snaps manually use:
# snap refresh
Snaps are refreshed automatically according to snap
To view the next/last refresh times use:
# snap refresh --time
To set a different refresh time, eg. twice a day:
# snap set core refresh.timer=0:00~24:00/2
See system options documentation page for details on customizing the refresh time.
Snaps can be removed by executing:
# snap remove snapname
Tips and tricks
Some snaps (e.g. Skype and Pycharm) use classic confinement. However, classic confinement requires the
/snap directory, which is not FHS-compliant. Therefore, the snapd package doesn't ship this directory. However, if the user wants to, they can manually create a symlink from
/var/lib/snapd/snap, to allow the installation of classic snaps:
# ln -s /var/lib/snapd/snap /snap
To verify that basic confinement is working, install hello-world snap. Then run the following:
$ hello-world.evil Hello Evil World! This example demonstrates the app confinement You should see a permission denied error next /snap/hello-world/27/bin/evil: 9: /snap/hello-world/27/bin/evil: cannot create /var/tmp/myevil.txt: Permission denied
The denial was caused by AppArmor and should have been logged:
$ dmesg ... [ +0.000003] audit: type=1327 audit(1540469583.966:257): proctitle=2F62696E2F7368002F736E61702F68656C6C6F2D776F726C642F32372F62696E2F6576696C [ +12.268939] audit: type=1400 audit(1540469596.236:258): apparmor="DENIED" operation="open" profile="snap.hello-world.evil" name="/var/tmp/myevil.txt" pid=10835 comm="evil" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000 [ +0.000006] audit: type=1300 audit(1540469596.236:258): arch=c000003e syscall=2 success=no exit=-13 a0=55d991ba6bc8 a1=241 a2=1b6 a3=55d991ba6be0 items=0 ppid=31349 pid=10835 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=3 comm="evil" exe="/bin/dash" subj==snap.hello-world.evil (enforce) ...
If you do not see the denial, verify that the profiles were loaded:
$ sudo aa-status |grep snap.hello-world snap.hello-world.env snap.hello-world.evil snap.hello-world.hello-world snap.hello-world.sh
Also, you can check what sandbox features are available in the system according to snapd:
$ snap debug sandbox-features apparmor: kernel:caps kernel:domain kernel:file kernel:mount kernel:namespaces kernel:network_v8 kernel:policy kernel:ptrace kernel:query kernel:rlimit kernel:signal parser:unsafe policy:default support-level:partial confinement-options: devmode dbus: mediated-bus-access kmod: mediated-modprobe mount: freezer-cgroup-v1 layouts mount-namespace per-snap-persistency per-snap-profiles per-snap-updates per-snap-user-profiles stale-base-invalidation seccomp: bpf-argument-filtering kernel:allow kernel:errno kernel:kill_process kernel:kill_thread kernel:log kernel:trace kernel:trap
Both Gnome Software Center and KDE Discover can provide native snap support. For KDE Discover installAUR package.
Arch Linux related mailing lists and other official Arch Linux support channels aren't an appropriate place to request help with snaps on Arch Linux. An appropriate place to ask for support is the Snapcraft forum.