Disabling automatic refresh for snap from store



This is for 2 reasons. One is that all non-classic snaps are already confined by AppArmor which denies access to things like /etc, /root, your home folder, etc. without an appropriate interface connected.[1] Secondly, there is upcoming working on supporting portals that will allow a snap to attempt to access any file on the system and display a graphical prompt allowing you to allow that access. I’m not super familiar with how portals are implemented, but I know that work is underway and it will be the preferred way to provide snaps access to files going forward after it’s done as it does exactly what you want and provides the user a way to control what files are accessed by snaps as those files are attempted to be accessed. Of course not every snap will implement support for portals, but then it’s an adoption question.

Non-classic snaps are not allowed to read/write to any file in the home directory starting with a dot. [2]
Additionally, even if you do use a classic snap, you need to explicitly acknowledge you are installing a classic snap with the --classic flag, and only developers that have been vetted are allowed to publish classic snaps.

The gnome-calculator snap (and to my knowledge all other pre-installed snaps) are all strictly confined (i.e. not classic) and hence are sandboxed by the snap confinement model detailed in this white paper. This means that they cannot access things like arbitrary files on the filesystem and also cannot arbitrarily access devices on the system, in the way I presume a keylogger would.

[1] These interfaces could be auto-connected however if a snap author requested auto-connection as per the snap declaration approval process
[2] Though now they can if the snap is vetted using the snap interface auto-connection approval process and uses the personal-files interface new in 2.37.


Why don’t you just let this portion of your user base disable this thing? Your stance towards your users is we know better than you. This is wrong. Let most of your users use what you find appropriate, but please, let us who understand our OS configure snap according to our needs.


On updates, this is basically their position (though they will try to deny it, because the optics aren’t good, but I still think this is basically what the argument boils down to), and their argument, they claim, is backed up by evidence of a great many people remaining on outdated and unsafe software when they have the option to. How do you back up your claim that ‘This is wrong’? Just that Linux is about choice and control? But it’s just free software and snappy is free software (aside from the store code) and can be forked (and/or someone can set up an open-source store) if people really don’t like this decision (but no-one has yet)?