This is for 2 reasons. One is that all non-classic snaps are already confined by AppArmor which denies access to things like /etc, /root, your home folder, etc. without an appropriate interface connected.[1] Secondly, there is upcoming working on supporting portals that will allow a snap to attempt to access any file on the system and display a graphical prompt allowing you to allow that access. I’m not super familiar with how portals are implemented, but I know that work is underway and it will be the preferred way to provide snaps access to files going forward after it’s done as it does exactly what you want and provides the user a way to control what files are accessed by snaps as those files are attempted to be accessed. Of course not every snap will implement support for portals, but then it’s an adoption question.
Non-classic snaps are not allowed to read/write to any file in the home directory starting with a dot. [2]
Additionally, even if you do use a classic snap, you need to explicitly acknowledge you are installing a classic snap with the --classic flag, and only developers that have been vetted are allowed to publish classic snaps.
The gnome-calculator snap (and to my knowledge all other pre-installed snaps) are all strictly confined (i.e. not classic) and hence are sandboxed by the snap confinement model detailed in this white paper. This means that they cannot access things like arbitrary files on the filesystem and also cannot arbitrarily access devices on the system, in the way I presume a keylogger would.
[1] These interfaces could be auto-connected however if a snap author requested auto-connection as per the snap declaration approval process
[2] Though now they can if the snap is vetted using the snap interface auto-connection approval process and uses the personal-files interface new in 2.37.
Why don’t you just let this portion of your user base disable this thing? Your stance towards your users is we know better than you. This is wrong. Let most of your users use what you find appropriate, but please, let us who understand our OS configure snap according to our needs.
On updates, this is basically their position (though they will try to deny it, because the optics aren’t good, but I still think this is basically what the argument boils down to), and their argument, they claim, is backed up by evidence of a great many people remaining on outdated and unsafe software when they have the option to. How do you back up your claim that ‘This is wrong’? Just that Linux is about choice and control? But it’s just free software and snappy is free software (aside from the store code) and can be forked (and/or someone can set up an open-source store) if people really don’t like this decision (but no-one has yet)?
Our devices disable the autorefresh from store, but our developers make ti automatic to update our software , now we recieve a bill show that we need to pay about 6k dollar for 4G data of 300 devices of one mouth.
How do you back up your claim that ‘This is wrong’?
Easily. You worry about outdated and unsafe software. But no one in this thread have ever asked for disabling automatic updates by default. What is desired is ability to switch it off.
But it’s just free software and snappy is free software (aside from the store code) and can be forked (and/or someone can set up an open-source store) if people really don’t like this decision (but no-one has yet)
You are right. I don’t want any forced babysitting. I’ve used snap only to get LXD on Arch, but I’m now on AUR package. I’d gladly see more diversity in package/software managers, but this is just another App Store, not respecting what user wants.
I understand that, so what, exactly, is wrong about the snappy developers not providing a simple, global, off switch for automatic updates? Is your argument that it is wrong sound?
No worries, if you can’t deal with the status quo on this issue then that is the correct action to take ‘not respecting what user wants’ isn’t that true of every piece of software, though, because no piece of software has an infinite number of toggles so that the user can tweak the software to do exactly what they want it to do?
Your response would seem as if it were written by someone who hadn’t actually read through the rather voluminous previous parts to this conversation.
@marekhwd What is desired is ability to switch it off.
@Ads20000 I understand that, so what, exactly, is wrong about the snappy developers not providing a simple, global, off >switch for automatic updates? Is your argument that it is wrong sound?
The answer to your first question lies in the many requests from other long term devs on other projects that have advanced quite a few reasons - - - none of which trump management decisions.
Your second question shows faulty logic. You don’t even say that the argument is wrong and you present no reasons - - - - just by your position (which is really not clear that it is anything official) you state that the argument is wrong.
@Ads20000 No worries, if you can’t deal with the status quo on this issue then that is the correct action to >take  ‘not >respecting what user wants’ isn’t that true of every piece of software, though, because no piece of >software >has an infinite number of toggles so that the user can tweak the software to do exactly what they >want it to do?
Your posit here is actually quite amusing. Somehow you are suggesting that every piece of software is infinite. Would love to hear your argument for that - - - but - - - as that posit is quite patently false the requester’s ask for a toggle is not negated.
I live in a very poor country, I have a mobile data connection which is very very expensive and limited. I just installed Ubuntu 18.04 and almost instantaneously I was shocked because snapd was consuming all my data plan. So my question is, can I stop snapd from eating my data connection?
I am trying to be very polite, but honestly after reading this thread I am feeling very frustrated about the way this issue had been handled by the dev team. I am in a huge need for a definite solution and not just a temporal one. Do I need to remove snapd from my system?
This has been covered in this topic and the one about metered connections:
In 18.04, in the network settings, make sure you’ve told it that the network is metered.
Then, tell snapd to not refresh on metered, via snap set system refresh.metered=hold.
Thanks for the quick response. However if I understand correctly. the above is not going to stop snapd for automatically update it self in the long run? Is this true?
yes, of course. It gives you control over when that update happens (you can also change the refresh frequency, if you’re never not metered for example maybe it’d be best if you just set the refresh to be every 2 months or something).
You can defer snap refreshes until you have unlimited internet access, note that even you defer it there’s still a time limit where snapd will force upgrading all the snaps IIRC.
I read this topic. But I could not understand if the issue resolved.
On some other topic writes that “snap set system refresh.metered=hold” works. But I could not get if it works only for current network or not?!
Note:
I don’t trust canonical, I don’t trust snap platform too. I don’t want to install docker to whole system. The only reason for me to use the snap is that: official docker package is available as snap.
Snap is coming default installed on LTS of Ubuntu. can you think a software which start auto update and never stops? If it is canonical’s, so yes possible. They are doing this only because they are getting informations (statistics/telemetry) from their users. Nothing else.
Nothing is impossible. I am developer too. To disable/enable auto update can not be so difficult (at least with a manual config). This is completely a game. they are telling that the system is open source… only fools can believe this.
This configuration only works for “metered networks”, like tethered mobile network sharing that is detectable by NetworkManager via some de facto standards. You can verify if your network is metered or not by running the nmcli command.
Yes: Chrome (on Windows), Firefox (on Windows), Chrome OS
Can you prove this statement? Personally I quite like automatic background refreshes, it means my software is fresh and secure on any version of Ubuntu (and some other operating systems) without me needing to do anything!
The snappy store is not open-source, everything else is. If you’re a developer and know Go then you’re very welcome to fork snappy to implement the changes you want (it’s licensed under the GNU General Public License v3.0 and the source code is available here). Indeed, some work has previously been done on implementing analternative store (to resolve the perceived issues raised regarding External repositories).
‘not respecting what user wants’ isn’t that true of every piece of software, though, because no piece of software has an infinite number of toggles so that the user can tweak the software to do exactly what they want it to do?
