Snap install modes

A snap can be installed with the following optional arguments, typically used to help test a snap under development, troubleshoot interface issues, or debug application crashes:

  • --classic: classic confinement for full system access
  • --dangerous: dangerous mode for testing local unsigned snaps
  • --devmode: developer mode for testing and viewing log output
  • --jailmode: forces a snap to be installed with strict confinement

See Check snap install mode for how to check the install mode status of any installed snaps.

Classic confinement

Without further command line arguments, a default snap installation will attempt to install a snap as strictly confined.

Strict confinement is used by the majority of snaps, enabling them to run their applications and services in complete isolation with a minimal access level that’s always deemed safe.

Certain snaps, however, require unfettered access to the system, and these are packaged as classic snaps. Installing a snap that requires classic access will prompt the user to use the additional --classic argument:

$ sudo snap install snapcraft --classic

The --classic argument only takes effect for classic snaps. It is silently accepted when installing a strict snap, but it makes no difference to that snap’s confinement: the snap will still be strictly confined.

See Snap confinement for more details on confinement levels.

Dangerous mode

The --dangerous argument will install a local snap without validating or checking its assertions or signatures. These signatures are used to link a snap to its publisher and store, and to ensure that a snap remains unchanged during delivery and storage.

This option is useful when testing snaps shared through a trusted channel, and for testing snaps built locally, before eventually being published to the store.

Developer mode

Adding the --devmode argument to the snap installation command will install the snap as a strictly confined snap with full access to system resources, effectively disabling security confinement.

The validity of a snap’s signed assertions will also be checked, linking a snap to its developer and store, but the installation will progress even when the validity cannot be verified. In this case, the devmode snap is additionally equivalent to being installed with --dangerous (see above).

A strictly confined snap running in devmode will generate log and AppArmor profile output associated with the snap, helping snap developers and testers understand access issues and other confinement problems.

The devmode argument is also a requirement if a snap has been built and published with confinement: devmode in its snapcraft.yaml. These snaps are built for testing and cannot be released to their respective stable channels. See Choosing a security model for further details.

Additionally, snaps running in developer mode will not be updated. This is because it’s assumed the snap developer wishes to test, and continue testing, a specific release. To update such a snap, first remove it and then reinstall it without --devmode.

Jail mode

Installing a snap with --jailmode will install the snap into a strictly confined environment.

Only non-classic snaps can be installed with jailmode. This can be useful when testing how a snap published with devmode (see above) will behave when strictly confined, and is usually a precursor to a snap being published as confined and stable after a period of testing.

Check snap install mode

The snap list command will include the install mode status in the Notes column for each respective snap:

Name        Version            Rev    Tracking        Publisher     Notes
liquidctl   1.7.1-11-g6295354  1      latest/stable   morrisong     devmode
snapcraft   5.0                6751   latest/stable   canonical✓    classic
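
The Notes column described above can be audited with a short script. This is an added example, not part of the snap documentation: it reads snap list output and reports every snap noted as devmode or classic, the two modes that relax strict confinement. The function names, the sample rows other than liquidctl and snapcraft, and the comma-separated notes handling are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit `snap list` output for relaxed-confinement install modes.

# flag_install_modes: reads `snap list` output on stdin and prints
# "<name> <mode>" for each snap whose Notes column contains devmode or classic.
# Returns 2 if the header has no Notes column.
flag_install_modes() {
    awk '
        NR == 1 {
            # Find the Notes column from the header instead of hard-coding it.
            for (i = 1; i <= NF; i++) if ($i == "Notes") col = i
            if (!col) { print "no Notes column in header" > "/dev/stderr"; exit 2 }
            next
        }
        NF >= col {
            # Assumption: several notes on one snap are comma-separated.
            n = split($col, notes, ",")
            for (j = 1; j <= n; j++)
                if (notes[j] == "devmode" || notes[j] == "classic")
                    print $1, notes[j]
        }
    '
}

# sample_listing: constructed input. The first two rows are the ones shown
# on this page; the "example*" rows are made up for the demonstration.
sample_listing() {
    cat <<'EOF'
Name         Version            Rev    Tracking        Publisher     Notes
liquidctl    1.7.1-11-g6295354  1      latest/stable   morrisong     devmode
snapcraft    5.0                6751   latest/stable   canonical✓    classic
exampleapp   1.0                12     latest/stable   examplepub    -
exampletool  2.3                7      latest/stable   examplepub    classic,disabled
EOF
}

# Demonstration on the constructed listing.
sample_listing | flag_install_modes
```

On a real system, pipe the live listing into the function instead: snap list | flag_install_modes.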